TechSpot

Html/infected.webpage.gen (help)

By Anthino
Mar 24, 2011
  1. this is step 6
    MBAM LOG follows

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6160

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    3/24/2011 1:44:58 PM
    mbam-log-2011-03-24 (13-44-58).txt

    Scan type: Quick scan
    Objects scanned: 161068
    Time elapsed: 3 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER LOG follows:

    it generated a blank page
     
  2. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    part two dds

    DDS LOG follows

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by TONY at 14:38:36.81 on Thu 03/24/2011
    Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.4429 [GMT -7:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    C:\Program Files\Windows Mail\WindowsMailGadget.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\TONY\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Google Update] "C:\Users\TONY\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe" /r
    mRun: [CtaMon] Rundll32 CtaMon.dll,RunMonitor
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -
    EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    mRun-x64: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
    mRun-x64: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    mRun-x64: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\TONY\AppData\Roaming\Mozilla\Firefox\Profiles\iv2qscxq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
    FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Users\TONY\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\TONY\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
    FF - plugin: C:\Users\TONY\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\TONY\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-8-6 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-8-6 269480]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-8-6 83120]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
    R3 m4cxvst64;NDIS6.0 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;C:\Windows\System32\drivers\m4cxvst64.sys [2008-2-4 392704]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-21 136176]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-30 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-30 79360]
    S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-11-30 79360]
    S3 Ctafiltv;Ctafiltv;C:\Windows\System32\drivers\Ctafiltv.sys [2010-11-30 24064]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 SaiK0D14;SaiK0D14;C:\Windows\System32\drivers\SaiK0D14.sys [2010-8-6 160264]
    S3 SkLaggProtocol;Marvell Link Aggregation Protocol;C:\Windows\System32\drivers\yk60x64l.sys [2007-12-14 92160]
    S3 SkVlanProtocol;Marvell VLAN Protocol;C:\Windows\System32\drivers\yk60x64v.sys [2007-11-23 25088]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-8-7 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-03-22 21:10:35 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-03-22 21:10:35 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-03-22 21:10:35 1555968 ----a-w- C:\Windows\System32\DWrite.dll
    2011-03-22 21:10:35 1149440 ----a-w- C:\Windows\System32\FntCache.dll
    2011-03-22 21:10:35 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-03-22 09:13:17 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{ED483679-7737-4454-9965-D296EBEED07E}\mpengine.dll
    2011-03-18 05:55:13 -------- d-----w- C:\Users\TONY\AppData\Roaming\Malwarebytes
    2011-03-18 05:55:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-18 05:54:59 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-18 05:54:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-18 05:54:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-15 04:07:52 -------- d-----w- C:\Program Files\iPod
    2011-03-15 04:07:51 -------- d-----w- C:\Program Files\iTunes
    2011-03-15 04:07:51 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-03-15 04:04:43 -------- d-----w- C:\Program Files\Bonjour
    2011-03-15 04:04:43 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-03-14 07:21:16 -------- d-----w- C:\Users\TONY\AppData\Local\DOSBox
    2011-03-14 07:21:01 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
    2011-03-09 20:11:51 731136 ----a-w- C:\Windows\System32\mstsc.exe
    2011-03-09 20:11:51 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2011-03-09 20:11:51 2425344 ----a-w- C:\Windows\System32\mstscax.dll
    2011-03-09 20:11:51 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2011-03-09 20:11:50 559616 ----a-w- C:\Windows\System32\EncDec.dll
    2011-03-09 20:11:50 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-03-09 20:11:50 416768 ----a-w- C:\Windows\System32\sbe.dll
    2011-03-09 20:11:49 322560 ----a-w- C:\Windows\SysWow64\sbe.dll
    2011-03-09 20:11:49 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-03-09 20:11:49 210944 ----a-w- C:\Windows\System32\sbeio.dll
    2011-03-09 20:11:49 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-03-09 20:11:49 153088 ----a-w- C:\Windows\SysWow64\sbeio.dll
    2011-03-09 09:08:47 -------- d-----w- C:\6a58b0cfdb8ea425f0f029
    2011-03-09 09:08:40 -------- d-----w- C:\Windows\System32\ZoneLabs
    2011-03-09 09:03:57 -------- d-----w- C:\Program Files (x86)\Zone Labs
    2011-03-09 09:03:10 -------- d-----w- C:\PROGRA~3\CheckPoint
    2011-03-09 09:03:09 -------- d-----w- C:\Windows\Internet Logs
    2011-03-05 04:38:27 -------- d-----w- C:\PROGRA~3\McAfee Security Scan
    2011-03-05 04:38:04 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
    2011-02-28 01:33:02 -------- d-----w- C:\Users\TONY\AppData\Roaming\ZombieDriver
    2011-02-28 01:32:55 -------- d-----w- C:\Program Files (x86)\OpenAL
    .
    ==================== Find3M ====================
    .
    2011-03-07 18:56:59 218496 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-03-07 18:56:59 218496 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-02-28 01:32:55 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2011-02-28 01:32:55 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2011-02-28 01:32:55 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2011-02-28 01:32:55 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2011-02-18 23:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2011-02-18 23:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2011-02-03 05:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-02-03 01:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-01-20 16:46:10 900480 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-20 16:17:15 366592 ----a-w- C:\Windows\System32\winspool.drv
    2011-01-20 16:17:03 625152 ----a-w- C:\Windows\System32\dxgi.dll
    2011-01-20 16:16:53 287232 ----a-w- C:\Windows\System32\d3d10core.dll
    2011-01-20 16:16:52 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2011-01-20 16:16:52 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
    2011-01-20 16:16:52 1268224 ----a-w- C:\Windows\System32\d3d10.dll
    2011-01-20 16:16:47 748544 ----a-w- C:\Windows\System32\stobject.dll
    2011-01-20 16:16:40 47104 ----a-w- C:\Windows\System32\cdd.dll
    2011-01-20 16:16:10 3548672 ----a-w- C:\Windows\System32\mf.dll
    2011-01-20 16:16:08 35840 ----a-w- C:\Windows\System32\printfilterpipelineprxy.dll
    2011-01-20 16:14:49 278528 ----a-w- C:\Windows\System32\mfplat.dll
    2011-01-20 16:14:49 195072 ----a-w- C:\Windows\System32\mfps.dll
    2011-01-20 16:08:16 478720 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2011-01-20 16:07:42 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- C:\Windows\SysWow64\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- C:\Windows\SysWow64\mf.dll
    2011-01-20 16:04:54 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- C:\Windows\SysWow64\mfplat.dll
    2011-01-20 15:01:50 3068416 ----a-w- C:\Windows\System32\xpsservices.dll
    2011-01-20 15:01:09 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-01-20 14:59:59 1032192 ----a-w- C:\Windows\System32\printfilterpipelinesvc.exe
    2011-01-20 14:58:38 1461760 ----a-w- C:\Windows\System32\OpcServices.dll
    2011-01-20 14:57:28 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
    2011-01-20 14:42:00 1257984 ----a-w- C:\Windows\System32\MFH264Dec.dll
    2011-01-20 14:41:29 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
    2011-01-20 14:40:17 345088 ----a-w- C:\Windows\System32\mfreadwrite.dll
    2011-01-20 14:40:14 34304 ----a-w- C:\Windows\System32\mfpmp.exe
    2011-01-20 14:40:11 377344 ----a-w- C:\Windows\System32\mfmp4src.dll
    2011-01-20 14:37:06 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
    2011-01-20 14:35:30 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
    2011-01-20 14:28:38 1554432 ----a-w- C:\Windows\SysWow64\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-01-20 14:25:25 847360 ----a-w- C:\Windows\SysWow64\OpcServices.dll
    2011-01-20 14:24:26 135680 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- C:\Windows\SysWow64\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- C:\Windows\SysWow64\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2011-01-20 14:06:15 834048 ----a-w- C:\Windows\System32\d2d1.dll
    2011-01-20 13:47:51 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-01-08 09:03:01 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-08 08:47:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-08 06:45:51 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-08 06:28:49 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-08 04:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
    2011-01-08 04:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
    2011-01-08 04:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
    2011-01-08 04:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll
    2011-01-08 04:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe
    2010-12-31 14:16:41 2757632 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll
    2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
    .
    ============= FINISH: 14:38:53.42 ===============
     
  3. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    part three attach (thanks in advance)

    ATTACH LOG follows

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/5/2010 9:45:09 PM
    System Uptime: 3/24/2011 1:36:23 PM (1 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | Benicia
    Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 453 GiB total, 239.557 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.774 GiB free.
    F: is CDROM (UDF)
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    Absolute Futurity SpeedTestPro Ver 1.0.733
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Belarc Advisor 8.1
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    Canon Easy-WebPrint EX
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 3.1
    Canon MX340 series User Registration
    Canon Speed Dial Utility
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Company of Heroes Singleplayer Demo
    Compatibility Pack for the 2007 Office system
    Creative ALchemy
    Creative Media Toolbox 6
    Creative Media Toolbox 6 (Shared Components)
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative System Information
    Creative WaveStudio 7
    CyberLink DVD Suite Deluxe
    D-Link Corporation Control Program
    DivX Setup
    Enhanced Multimedia Keyboard Solution
    Fallout 3 - Game of the Year Edition
    Fallout: New Vegas
    Google Chrome
    Google Gears
    Google Talk (remove only)
    Google Talk Plugin
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Advisor
    HP Customer Experience Enhancements
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    Jade Empire: Special Edition
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Juno Preloader
    LabelPrint
    LightScribe System Software
    LightScribe Template Labeler
    Mafia
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Medal of Honor(TM) Multiplayer
    Medal of Honor(TM) Single Player
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Live Search Toolbar
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.6.13)
    Mozilla Firefox 4.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My HP Games
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Octoshape add-in for Adobe Flash Player
    OpenAL
    OpenOffice.org 3.2
    Painkiller Demo
    Pando Media Booster
    PictureMover
    Power2Go
    PowerDirector
    PunkBuster Services
    Python 2.5.2
    QuickTime
    Realtek High Definition Audio Driver
    Saitek Call Of Duty Modern Warefare 2 Profiles
    SB Arena Headset
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Sid Meier's Civilization V
    Skype Toolbars
    Skype™ 5.1
    sp44626
    Steam
    System Requirements Lab
    System Requirements Lab CYRI
    The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
    TVAnts 1.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.18
    Ventrilo Client
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Winamp
    Winamp Detector Plug-in
    Zombie Driver
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    What are the computer issues?
     
  5. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    I have Html/infected.webpage.gen detected over and over again. AntiVir catches it, but it always comes back.

    It affects playback of video on the web that I know of. Running TFC removes it for a bit, but it comes back the second time I try to watch a video.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    mbr check

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: PEGATRON CORPORATION
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: HP-Pavilion
    System Product Name: NC715AAR-ABA a6712f
    Logical Drives Mask: 0x000007bc

    Kernel Drivers (total 139):
    0x01E62000 \SystemRoot\system32\ntoskrnl.exe
    0x01E1C000 \SystemRoot\system32\hal.dll
    0x00607000 \SystemRoot\system32\kdcom.dll
    0x00611000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x0064C000 \SystemRoot\system32\PSHED.dll
    0x00660000 \SystemRoot\system32\CLFS.SYS
    0x006BD000 \SystemRoot\system32\CI.dll
    0x00806000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E0000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008EE000 \SystemRoot\system32\drivers\acpi.sys
    0x00944000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x0094D000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00957000 \SystemRoot\system32\drivers\pci.sys
    0x00987000 \SystemRoot\System32\drivers\partmgr.sys
    0x0099C000 \SystemRoot\system32\drivers\volmgr.sys
    0x0076F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009B0000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00A0B000 \SystemRoot\system32\drivers\iastor.sys
    0x00B27000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00B6E000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00C09000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E0F000 \SystemRoot\system32\drivers\ndis.sys
    0x00C90000 \SystemRoot\system32\drivers\msrpc.sys
    0x00CE0000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01000000 \SystemRoot\System32\drivers\tcpip.sys
    0x01176000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01202000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01382000 \SystemRoot\system32\drivers\volsnap.sys
    0x013C6000 \SystemRoot\System32\Drivers\spldr.sys
    0x013CE000 \SystemRoot\System32\Drivers\mup.sys
    0x011A2000 \SystemRoot\System32\drivers\ecache.sys
    0x013E0000 \SystemRoot\system32\drivers\disk.sys
    0x011CE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x013F4000 \SystemRoot\system32\drivers\crcdisk.sys
    0x02328000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x02335000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x0233E000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02407000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x03062000 \SystemRoot\System32\Drivers\nvBridge.kmd
    0x03064000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03147000 \SystemRoot\System32\drivers\watchdog.sys
    0x03157000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x03163000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x031A9000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03207000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x032F4000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
    0x03322000 \SystemRoot\system32\DRIVERS\m4cxvst64.sys
    0x03387000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x03399000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x033A9000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x033C5000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x031BA000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x02351000 \SystemRoot\system32\DRIVERS\storport.sys
    0x033D2000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x023AE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x033DF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x00D39000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x033EB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x023D1000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x00FE0000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x00D6A000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x023EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x031F3000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x02200000 \SystemRoot\system32\drivers\SaiBus.sys
    0x033FB000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x00D7D000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03200000 \SystemRoot\system32\drivers\LGBusEnum.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x00DB1000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x00B82000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x00DC1000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x02400000 \SystemRoot\system32\DRIVERS\SaiMini.sys
    0x00DD5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x00FF8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x0480C000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x04979000 \SystemRoot\system32\drivers\portcls.sys
    0x049B4000 \SystemRoot\system32\drivers\drmk.sys
    0x049D7000 \SystemRoot\system32\drivers\ksthunk.sys
    0x049DD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x049E8000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x049F3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x04800000 \SystemRoot\System32\Drivers\Null.SYS
    0x00DE7000 \SystemRoot\System32\drivers\vga.sys
    0x00BCA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x00DF5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x00C00000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x00BEF000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x009C3000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x00A00000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x009D4000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x007D5000 \SystemRoot\system32\DRIVERS\smb.sys
    0x04605000 \SystemRoot\system32\drivers\afd.sys
    0x04670000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x046B4000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x046D2000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x046E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x046FC000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x04749000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x04755000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04772000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x04794000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x047E2000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x0220B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x04C0B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x04C23000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04C25000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x04C2E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x00080000 \SystemRoot\System32\win32k.sys
    0x04C4A000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04C56000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00450000 \SystemRoot\System32\TSDDD.dll
    0x00610000 \SystemRoot\System32\cdd.dll
    0x008B0000 \SystemRoot\System32\ATMFD.DLL
    0x04C69000 \SystemRoot\system32\drivers\luafv.sys
    0x04C8B000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x04CA8000 \SystemRoot\system32\drivers\spsys.sys
    0x04D42000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04D56000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x04D6E000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x04D8E000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0x0900D000 \SystemRoot\system32\drivers\HTTP.sys
    0x090B0000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x090D9000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x090F7000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x09111000 \SystemRoot\system32\drivers\mrxdav.sys
    0x09138000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x09161000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x091AA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x091C9000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x0940F000 \SystemRoot\System32\DRIVERS\srv.sys
    0x094A3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x094A8000 \SystemRoot\system32\drivers\peauth.sys
    0x0955E000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x09569000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x09579000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x095AE000 \SystemRoot\system32\DRIVERS\xaudio64.sys
    0x095B6000 \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
    0x095DB000 \SystemRoot\system32\drivers\LGVirHid.sys
    0x77410000 \Windows\System32\ntdll.dll

    Processes (total 96):
    0 System Idle Process
    4 System
    488 C:\Windows\System32\smss.exe
    616 csrss.exe
    660 C:\Windows\System32\wininit.exe
    680 csrss.exe
    716 C:\Windows\System32\services.exe
    728 C:\Windows\System32\lsass.exe
    736 C:\Windows\System32\lsm.exe
    840 C:\Windows\System32\winlogon.exe
    924 C:\Windows\System32\svchost.exe
    988 C:\Windows\System32\nvvsvc.exe
    1016 C:\Windows\System32\svchost.exe
    316 C:\Windows\System32\svchost.exe
    580 C:\Windows\System32\svchost.exe
    704 C:\Windows\System32\svchost.exe
    732 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\audiodg.exe
    1132 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    1156 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\SLsvc.exe
    1204 C:\Windows\System32\svchost.exe
    1376 C:\Windows\System32\svchost.exe
    1396 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1408 C:\Windows\System32\nvvsvc.exe
    1660 C:\Windows\System32\spoolsv.exe
    1712 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1724 WUDFHost.exe
    1732 C:\Windows\System32\svchost.exe
    1892 WUDFHost.exe
    1312 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1488 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1740 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1708 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    2032 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    1328 C:\Windows\SysWOW64\PnkBstrA.exe
    2108 C:\Windows\System32\svchost.exe
    2140 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2152 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    2192 C:\Windows\System32\svchost.exe
    2220 C:\Windows\System32\svchost.exe
    2264 C:\Windows\System32\SearchIndexer.exe
    2356 C:\Windows\System32\drivers\XAudio64.exe
    2368 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2524 WUDFHost.exe
    2652 C:\Windows\System32\taskeng.exe
    2576 C:\Windows\System32\taskeng.exe
    2096 C:\Windows\System32\dwm.exe
    1060 C:\Windows\explorer.exe
    3080 C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    3244 C:\Program Files\Windows Defender\MSASCui.exe
    3252 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    3260 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3268 C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
    3276 C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    3284 C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    3296 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    3312 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    3320 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    3336 C:\Windows\ehome\ehtray.exe
    3444 C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    3496 C:\hp\support\hpsysdrv.exe
    3548 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    3556 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3568 C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe
    3576 C:\Windows\SysWOW64\rundll32.exe
    3584 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    3592 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3600 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3956 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    3976 C:\Program Files\Windows Mail\WindowsMailGadget.exe
    2700 C:\Program Files\Windows Mail\WinMail.exe
    1064 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    1048 C:\Program Files\iPod\bin\iPodService.exe
    3692 C:\Windows\System32\svchost.exe
    3620 C:\Windows\ehome\ehmsas.exe
    2928 taskeng.exe
    4160 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    4516 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4560 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5000 C:\Program Files (x86)\Steam\Steam.exe
    5104 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    3404 C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    4616 C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    4780 C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    2580 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    5580 C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    4324 C:\Windows\System32\SearchProtocolHost.exe
    5192 C:\Windows\System32\SearchFilterHost.exe
    5876 C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
    1372 C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
    5916 C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
    5116 C:\Users\TONY\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    2472 dllhost.exe
    4932 dllhost.exe
    5144 C:\Users\TONY\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`311b4200 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`02f10c00

    PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA57A
    PhysicalDrive1 Model Number: WDCWD1600JS-75NCB1, Rev: 10.02E01

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF
    149 GB \\.\PhysicalDrive1 Dell MBR code detected
    SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  8. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    combo fix

    ComboFix 11-03-24.02 - TONY 03/24/2011 18:06:36.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.4499 [GMT -7:00]
    Running from: c:\users\TONY\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\TONY\AppData\Local\Temp\ppcrlui_2700_2
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-25 01:14 . 2011-03-25 01:14 -------- d-----w- c:\users\TONY\AppData\Local\temp
    2011-03-25 01:14 . 2011-03-25 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-25 01:03 . 2011-03-25 01:04 -------- d-----w- C:\32788R22FWJFW
    2011-03-24 22:31 . 2011-03-24 22:31 -------- d-----w- c:\users\TONY\AppData\Local\LAG
    2011-03-24 22:31 . 2011-03-24 22:31 -------- d-----w- c:\programdata\LAG
    2011-03-24 22:31 . 2011-03-24 22:31 -------- d-----w- c:\windows\11AE680750D24F5982B32C3E695E94C2.TMP
    2011-03-22 21:10 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-22 21:10 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-03-22 21:10 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-22 21:10 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-22 21:10 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-03-22 09:13 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED483679-7737-4454-9965-D296EBEED07E}\mpengine.dll
    2011-03-18 05:55 . 2011-03-18 05:55 -------- d-----w- c:\users\TONY\AppData\Roaming\Malwarebytes
    2011-03-18 05:55 . 2010-12-21 01:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-18 05:54 . 2011-03-18 05:54 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-18 05:54 . 2011-03-18 05:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-18 05:54 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-15 04:07 . 2011-03-15 04:07 -------- d-----w- c:\program files\iPod
    2011-03-15 04:07 . 2011-03-15 04:08 -------- d-----w- c:\program files\iTunes
    2011-03-15 04:07 . 2011-03-15 04:08 -------- d-----w- c:\program files (x86)\iTunes
    2011-03-15 04:04 . 2011-03-15 04:04 -------- d-----w- c:\program files\Bonjour
    2011-03-15 04:04 . 2011-03-15 04:04 -------- d-----w- c:\program files (x86)\Bonjour
    2011-03-14 07:21 . 2011-03-14 07:21 -------- d-----w- c:\users\TONY\AppData\Local\DOSBox
    2011-03-14 07:21 . 2011-03-14 07:21 -------- d-----w- c:\program files (x86)\DOSBox-0.74
    2011-03-09 20:11 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 20:11 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-09 20:11 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 20:11 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-09 20:11 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 20:11 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 20:11 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-09 20:11 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 20:11 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 20:11 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-09 20:11 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
    2011-03-09 20:11 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-09 09:08 . 2011-03-09 09:08 -------- d-----w- C:\6a58b0cfdb8ea425f0f029
    2011-03-09 09:08 . 2011-03-09 09:08 -------- d-----w- c:\windows\system32\ZoneLabs
    2011-03-09 09:03 . 2011-03-09 09:03 -------- d-----w- c:\program files (x86)\Zone Labs
    2011-03-09 09:03 . 2011-03-09 09:03 -------- d-----w- c:\programdata\CheckPoint
    2011-03-09 09:03 . 2011-03-09 10:25 -------- d-----w- c:\windows\Internet Logs
    2011-03-05 04:38 . 2011-03-09 10:16 -------- d-----w- c:\programdata\McAfee Security Scan
    2011-03-05 04:38 . 2011-03-05 04:38 -------- d-----w- c:\program files (x86)\McAfee Security Scan
    2011-03-05 04:35 . 2011-03-05 04:35 -------- d-----w- c:\programdata\McAfee
    2011-02-28 01:33 . 2011-02-28 01:49 -------- d-----w- c:\users\TONY\AppData\Roaming\ZombieDriver
    2011-02-28 01:32 . 2011-02-28 01:32 -------- d-----w- c:\program files (x86)\OpenAL
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 18:56 . 2010-10-06 06:20 218496 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-03-07 18:56 . 2010-10-06 06:15 218496 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-02-28 01:32 . 2010-11-30 20:56 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-02-28 01:32 . 2010-11-30 20:56 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2011-02-28 01:32 . 2010-11-30 20:56 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-02-28 01:32 . 2010-11-30 20:56 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2011-02-18 23:36 . 2011-02-18 23:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2011-02-18 23:36 . 2011-02-18 23:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-03 05:40 . 2010-09-15 20:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-03 01:11 . 2010-08-07 09:14 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:46 . 2011-02-09 12:37 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:17 . 2011-02-09 12:37 366592 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:17 . 2011-02-09 12:37 625152 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:16 . 2011-02-09 12:37 287232 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:16 . 2011-02-09 12:37 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:16 . 2011-02-09 12:37 196096 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:16 . 2011-02-09 12:37 1268224 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:16 . 2011-02-09 12:37 748544 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:16 . 2011-02-09 12:37 47104 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:16 . 2011-02-09 12:37 3548672 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:16 . 2011-02-09 12:37 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:14 . 2011-02-09 12:37 278528 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:14 . 2011-02-09 12:37 195072 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:08 . 2011-02-09 12:37 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
    2011-01-20 16:08 . 2011-02-09 12:37 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-09 12:37 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
    2011-01-20 16:08 . 2011-02-09 12:37 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-09 12:37 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
    2011-01-20 16:07 . 2011-02-09 12:37 258048 ----a-w- c:\windows\SysWow64\winspool.drv
    2011-01-20 16:07 . 2011-02-09 12:37 586240 ----a-w- c:\windows\SysWow64\stobject.dll
    2011-01-20 16:06 . 2011-02-09 12:37 2873344 ----a-w- c:\windows\SysWow64\mf.dll
    2011-01-20 16:04 . 2011-02-09 12:37 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
    2011-01-20 16:04 . 2011-02-09 12:37 98816 ----a-w- c:\windows\SysWow64\mfps.dll
    2011-01-20 15:01 . 2011-02-09 12:37 3068416 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 15:01 . 2011-02-09 12:37 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:59 . 2011-02-09 12:37 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:58 . 2011-02-09 12:37 1461760 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:57 . 2011-02-09 12:37 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:42 . 2011-02-09 12:37 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:41 . 2011-02-09 12:37 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:40 . 2011-02-09 12:37 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:40 . 2011-02-09 12:37 34304 ----a-w- c:\windows\system32\mfpmp.exe
    2011-01-20 14:40 . 2011-02-09 12:37 377344 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:37 . 2011-02-09 12:37 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:35 . 2011-02-09 12:37 566272 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 14:28 . 2011-02-09 12:37 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
    2011-01-20 14:27 . 2011-02-09 12:37 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-01-20 14:25 . 2011-02-09 12:37 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
    2011-01-20 14:24 . 2011-02-09 12:37 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-09 12:37 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-09 12:37 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-09 12:37 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-09 12:37 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-09 12:37 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-09 12:37 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2011-01-20 14:06 . 2011-02-09 12:37 834048 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:47 . 2011-02-09 12:37 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-01-08 09:03 . 2011-02-09 12:37 48128 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 08:47 . 2011-02-09 12:37 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-08 06:45 . 2011-02-09 12:37 367104 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-08 06:28 . 2011-02-09 12:37 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-01-08 04:49 . 2011-01-08 04:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
    2011-01-08 04:49 . 2011-01-08 04:49 6143080 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-08 04:49 . 2011-01-08 04:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-01-08 04:48 . 2011-01-08 04:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-08 04:48 . 2011-01-08 04:48 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-01-08 03:27 . 2010-08-15 16:26 5653096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-01-08 03:27 . 2010-04-04 05:55 2200680 ----a-w- c:\windows\system32\nvapi64.dll
    2011-01-08 03:27 . 2010-04-04 05:55 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-01-08 03:27 . 2010-04-04 05:55 10078312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2010-12-31 14:16 . 2011-02-09 12:37 2757632 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 16:08 . 2011-01-12 03:31 466944 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-28 15:55 . 2011-01-12 03:31 413696 ----a-w- c:\windows\SysWow64\odbc32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "Google Update"="c:\users\TONY\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-15 136176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
    "VolPanel"="c:\program files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
    "CtaMon"="CtaMon.dll" [2008-08-27 9728]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 136176]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-30 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-30 79360]
    R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-11-30 79360]
    R3 Ctafiltv;Ctafiltv;c:\windows\system32\drivers\Ctafiltv.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
    R3 SaiK0D14;SaiK0D14;c:\windows\system32\DRIVERS\SaiK0D14.sys [x]
    R3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\DRIVERS\yk60x64l.sys [x]
    R3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\DRIVERS\yk60x64v.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 27632]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
    S3 m4cxvst64;NDIS6.0 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\m4cxvst64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 18:34]
    .
    2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 18:34]
    .
    2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723436897-3598471683-1063297262-1000Core.job
    - c:\users\TONY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 05:27]
    .
    2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723436897-3598471683-1063297262-1000UA.job
    - c:\users\TONY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 05:27]
    .
    2011-03-19 c:\windows\Tasks\HPCeeScheduleForTONY.job
    - c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-01-26 19:12]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-10-06 182808]
    "SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2009-09-04 186880]
    "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-09-04 357888]
    "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-09-04 194560]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    FF - ProfilePath - c:\users\TONY\AppData\Roaming\Mozilla\Firefox\Profiles\iv2qscxq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKLM-Run-SmartMenu - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
    AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\TONY\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    Completion time: 2011-03-24 18:16:16
    ComboFix-quarantined-files.txt 2011-03-25 01:16
    .
    Pre-Run: 324,460,126,208 bytes free
    Post-Run: 324,368,842,752 bytes free
    .
    - - End Of File - - 40026C89707DDABD6687BCCA26C65915
     
  9. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    I don't see much there.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    TDSSKiller

    2011/03/24 18:29:19.0221 2904 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/24 18:29:19.0628 2904 ================================================================================
    2011/03/24 18:29:19.0629 2904 SystemInfo:
    2011/03/24 18:29:19.0629 2904
    2011/03/24 18:29:19.0629 2904 OS Version: 6.0.6002 ServicePack: 2.0
    2011/03/24 18:29:19.0629 2904 Product type: Workstation
    2011/03/24 18:29:19.0629 2904 ComputerName: TONY-PC
    2011/03/24 18:29:19.0629 2904 UserName: TONY
    2011/03/24 18:29:19.0629 2904 Windows directory: C:\Windows
    2011/03/24 18:29:19.0629 2904 System windows directory: C:\Windows
    2011/03/24 18:29:19.0629 2904 Running under WOW64
    2011/03/24 18:29:19.0629 2904 Processor architecture: Intel x64
    2011/03/24 18:29:19.0629 2904 Number of processors: 2
    2011/03/24 18:29:19.0629 2904 Page size: 0x1000
    2011/03/24 18:29:19.0629 2904 Boot type: Normal boot
    2011/03/24 18:29:19.0629 2904 ================================================================================
    2011/03/24 18:29:20.0122 2904 Initialize success
    2011/03/24 18:29:21.0950 4972 ================================================================================
    2011/03/24 18:29:21.0950 4972 Scan started
    2011/03/24 18:29:21.0950 4972 Mode: Manual;
    2011/03/24 18:29:21.0950 4972 ================================================================================
    2011/03/24 18:29:40.0519 4972 SaiK0D14 (8b85673074f71ea49b4ca89d52820250) C:\Windows\system32\DRIVERS\SaiK0D14.sys
    2011/03/24 18:29:40.0642 4972 SaiMini (ab0984eaa9c544a64e618b34bb6c2956) C:\Windows\system32\DRIVERS\SaiMini.sys
    2011/03/24 18:29:40.0714 4972 SaiNtBus (5ced372730afe0ced0acacc35edb2376) C:\Windows\system32\drivers\SaiBus.sys
    2011/03/24 18:29:40.0787 4972 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
    2011/03/24 18:29:40.0822 4972 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/03/24 18:29:40.0860 4972 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
    2011/03/24 18:29:40.0893 4972 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
    2011/03/24 18:29:40.0929 4972 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
    2011/03/24 18:29:40.0973 4972 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
    2011/03/24 18:29:41.0047 4972 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/03/24 18:29:41.0068 4972 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
    2011/03/24 18:29:41.0088 4972 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
    2011/03/24 18:29:41.0180 4972 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
    2011/03/24 18:29:41.0213 4972 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
    2011/03/24 18:29:41.0267 4972 SkLaggProtocol (8c84b7756b1b269c4e302cc09edc8dce) C:\Windows\system32\DRIVERS\yk60x64l.sys
    2011/03/24 18:29:41.0337 4972 SkVlanProtocol (5bc4ed412a202e4e1ef6a5877625d5d6) C:\Windows\system32\DRIVERS\yk60x64v.sys
    2011/03/24 18:29:41.0414 4972 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
    2011/03/24 18:29:41.0501 4972 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
    2011/03/24 18:29:41.0577 4972 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
    2011/03/24 18:29:41.0659 4972 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
    2011/03/24 18:29:41.0679 4972 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/03/24 18:29:41.0823 4972 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
    2011/03/24 18:29:41.0867 4972 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
    2011/03/24 18:29:41.0894 4972 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
    2011/03/24 18:29:41.0945 4972 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
    2011/03/24 18:29:42.0041 4972 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
    2011/03/24 18:29:42.0081 4972 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/03/24 18:29:42.0102 4972 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
    2011/03/24 18:29:42.0204 4972 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
    2011/03/24 18:29:42.0238 4972 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
    2011/03/24 18:29:42.0312 4972 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
    2011/03/24 18:29:42.0348 4972 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
    2011/03/24 18:29:42.0408 4972 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/03/24 18:29:42.0439 4972 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/03/24 18:29:42.0509 4972 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/03/24 18:29:42.0613 4972 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
    2011/03/24 18:29:42.0686 4972 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
    2011/03/24 18:29:42.0747 4972 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
    2011/03/24 18:29:42.0780 4972 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
    2011/03/24 18:29:42.0818 4972 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
    2011/03/24 18:29:42.0853 4972 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
    2011/03/24 18:29:42.0897 4972 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
    2011/03/24 18:29:42.0972 4972 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
    2011/03/24 18:29:43.0051 4972 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
    2011/03/24 18:29:43.0086 4972 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/03/24 18:29:43.0145 4972 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
    2011/03/24 18:29:43.0223 4972 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/03/24 18:29:43.0305 4972 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/03/24 18:29:43.0342 4972 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
    2011/03/24 18:29:43.0373 4972 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
    2011/03/24 18:29:43.0409 4972 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/03/24 18:29:43.0481 4972 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/03/24 18:29:43.0512 4972 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/03/24 18:29:43.0536 4972 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
    2011/03/24 18:29:43.0564 4972 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
    2011/03/24 18:29:43.0649 4972 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
    2011/03/24 18:29:43.0724 4972 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
    2011/03/24 18:29:43.0760 4972 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
    2011/03/24 18:29:43.0829 4972 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
    2011/03/24 18:29:43.0874 4972 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
    2011/03/24 18:29:43.0996 4972 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/24 18:29:44.0011 4972 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/24 18:29:44.0054 4972 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
    2011/03/24 18:29:44.0098 4972 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
    2011/03/24 18:29:44.0197 4972 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
    2011/03/24 18:29:44.0257 4972 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/03/24 18:29:44.0328 4972 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/03/24 18:29:44.0442 4972 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/03/24 18:29:44.0501 4972 XAudio (1912006552f36fe7e61aeed34bbddae8) C:\Windows\system32\DRIVERS\xaudio64.sys
    2011/03/24 18:29:44.0589 4972 {55662437-DA8C-40c0-AADA-2C816A897A49} (15cc7077d2dc28776cd430ecabbffd66) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
    2011/03/24 18:29:46.0954 4972 ================================================================================
    2011/03/24 18:29:46.0954 4972 Scan finished
    2011/03/24 18:29:46.0954 4972 ================================================================================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    All clean, so far....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    Otl txt

    OTL logfile created on: 3/24/2011 6:35:51 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\TONY\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 70.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 452.77 Gb Total Space | 302.12 Gb Free Space | 66.73% Space Free | Partition Type: NTFS
    Drive D: | 12.99 Gb Total Space | 1.77 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
    Drive F: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: TONY-PC | User Name: TONY | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/24 18:33:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\TONY\Desktop\OTL.exe
    PRC - [2011/03/23 22:09:53 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2011/03/17 03:19:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/01/10 16:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/11/16 23:07:40 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2010/11/03 00:40:17 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/11/03 00:40:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/10/17 12:40:01 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/10/13 01:55:14 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/09/13 06:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    PRC - [2010/09/02 23:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    PRC - [2009/09/08 14:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    PRC - [2009/05/04 20:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe
    PRC - [2009/02/22 20:43:55 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/10/06 13:36:16 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/10/06 13:36:14 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/04/18 08:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/24 18:33:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\TONY\Desktop\OTL.exe
    MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2008/09/04 04:35:08 | 000,434,688 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/03/23 22:09:53 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/03/17 03:19:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/11/30 14:39:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2010/11/30 14:04:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
    SRV - [2010/11/30 13:55:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/11/03 00:40:17 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/10/13 01:55:14 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/09/02 23:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/08 14:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/22 20:43:55 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2008/10/06 13:36:16 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/11/23 23:19:15 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
    DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
    DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
    DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/09/08 00:41:50 | 000,049,928 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
    DRV:64bit: - [2009/09/08 00:41:50 | 000,022,664 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SaiMini.sys -- (SaiMini)
    DRV:64bit: - [2009/09/08 00:41:29 | 000,160,264 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SaiK0D14.sys -- (SaiK0D14)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/10/06 06:18:02 | 000,405,528 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2008/09/04 04:34:58 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
    DRV:64bit: - [2008/08/13 23:48:33 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ctafiltv.sys -- (Ctafiltv)
    DRV:64bit: - [2008/08/06 09:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/02/04 10:52:00 | 000,392,704 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\m4cxvst64.sys -- (m4cxvst64)
    DRV:64bit: - [2007/12/14 10:10:00 | 000,092,160 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64l.sys -- (SkLaggProtocol)
    DRV:64bit: - [2007/11/23 10:10:00 | 000,025,088 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64v.sys -- (SkVlanProtocol)
    DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2006/06/19 07:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2008/09/26 03:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    IE - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
    FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - prefs.js..keyword.URL: "http://www.google.co.in/search?btnG=Google+Search&q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2011/01/04 14:59:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/02/22 01:10:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/02/22 01:10:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/02 23:39:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/02 23:39:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2011/03/20 21:02:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins [2011/03/04 21:37:39 | 000,000,000 | ---D | M]

    [2010/08/05 21:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TONY\AppData\Roaming\Mozilla\Extensions
    [2011/03/11 13:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TONY\AppData\Roaming\Mozilla\Firefox\Profiles\iv2qscxq.default\extensions
    [2010/08/11 23:30:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TONY\AppData\Roaming\Mozilla\Firefox\Profiles\iv2qscxq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/16 23:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/01/26 17:42:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/11/04 23:22:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/15 13:02:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/01 23:48:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/01/08 07:40:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/04 21:37:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    () (No name found) -- C:\USERS\TONY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IV2QSCXQ.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/07/12 09:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2011/03/24 18:14:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
    O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
    O4:64bit: - HKLM..\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [CtaMon] C:\Windows\SysWow64\CtaMon.dll (Creative Technology Ltd.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - File not found
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/24 18:33:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\TONY\Desktop\OTL.exe
    [2011/03/24 18:28:21 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\TONY\Desktop\TDSSKiller.exe
    [2011/03/24 18:16:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/03/24 18:16:18 | 000,000,000 | ---D | C] -- C:\Users\TONY\AppData\Local\temp
    [2011/03/24 18:04:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/24 18:04:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/24 18:04:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/24 18:04:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/24 18:03:59 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/03/24 18:03:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/24 18:03:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/24 15:31:22 | 000,000,000 | ---D | C] -- C:\Users\TONY\AppData\Local\LAG
    [2011/03/24 15:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\LAG
    [2011/03/24 14:00:24 | 000,000,000 | ---D | C] -- C:\Users\TONY\Desktop\reports
    [2011/03/17 22:55:13 | 000,000,000 | ---D | C] -- C:\Users\TONY\AppData\Roaming\Malwarebytes
    [2011/03/17 22:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/17 22:55:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/03/17 22:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/17 22:54:56 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/03/17 22:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/03/17 22:45:03 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\TONY\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/17 22:40:04 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\TONY\Desktop\TFC.exe
    [2011/03/14 21:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/03/14 21:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/03/14 21:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/03/14 21:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2011/03/14 21:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/03/14 21:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2011/03/14 00:21:16 | 000,000,000 | ---D | C] -- C:\Users\TONY\AppData\Local\DOSBox
    [2011/03/14 00:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
    [2011/03/14 00:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
    [2011/03/14 00:07:06 | 000,000,000 | ---D | C] -- C:\Users\TONY\Desktop\wasteland
    [2011/03/09 02:08:47 | 000,000,000 | ---D | C] -- C:\6a58b0cfdb8ea425f0f029
    [2011/03/09 02:08:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ZoneLabs
    [2011/03/09 02:03:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
    [2011/03/09 02:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
    [2011/03/09 02:03:09 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
    [2011/03/04 21:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
    [2011/03/04 21:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [2011/03/04 21:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
    [2011/03/04 21:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2011/03/04 21:21:40 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2011/03/04 21:21:40 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2011/02/27 18:33:02 | 000,000,000 | ---D | C] -- C:\Users\TONY\AppData\Roaming\ZombieDriver
    [2011/02/27 18:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
    [2011/02/24 04:03:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
    [2011/02/24 04:03:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/24 18:33:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\TONY\Desktop\OTL.exe
    [2011/03/24 18:32:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2723436897-3598471683-1063297262-1000UA.job
    [2011/03/24 18:27:59 | 001,263,721 | ---- | M] () -- C:\Users\TONY\Desktop\tdsskiller.zip
    [2011/03/24 18:14:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/03/24 18:03:52 | 004,301,769 | R--- | M] () -- C:\Users\TONY\Desktop\ComboFix.exe
    [2011/03/24 18:02:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/24 18:02:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/24 17:56:41 | 000,080,384 | ---- | M] () -- C:\Users\TONY\Desktop\MBRCheck.exe
    [2011/03/24 17:45:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/24 16:09:03 | 000,802,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/03/24 16:09:03 | 000,672,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/03/24 16:09:03 | 000,131,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/03/24 16:04:48 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/24 16:02:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/23 21:31:59 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2723436897-3598471683-1063297262-1000Core.job
    [2011/03/19 12:58:03 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTONY.job
    [2011/03/17 22:55:02 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/17 22:46:37 | 000,625,664 | ---- | M] () -- C:\Users\TONY\Desktop\dds.scr
    [2011/03/17 22:46:08 | 000,296,448 | ---- | M] () -- C:\Users\TONY\Desktop\xrogppew.exe
    [2011/03/17 22:45:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\TONY\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/17 22:40:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\TONY\Desktop\TFC.exe
    [2011/03/14 21:08:33 | 000,001,656 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/03/14 00:21:01 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
    [2011/03/11 14:00:05 | 000,011,200 | ---- | M] () -- C:\Users\TONY\Desktop\midsummers night feast.odt
    [2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\TONY\Desktop\TDSSKiller.exe
    [2011/03/07 11:56:59 | 000,218,496 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2011/03/07 11:56:59 | 000,218,496 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/03/04 21:38:06 | 000,001,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2011/02/27 18:32:55 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2011/02/27 18:32:55 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2011/02/25 14:00:05 | 000,013,824 | ---- | M] () -- C:\Users\TONY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/24 18:27:55 | 001,263,721 | ---- | C] () -- C:\Users\TONY\Desktop\tdsskiller.zip
    [2011/03/24 18:04:25 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/24 18:04:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/24 18:04:25 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/24 18:04:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/24 18:04:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/24 17:56:41 | 000,080,384 | ---- | C] () -- C:\Users\TONY\Desktop\MBRCheck.exe
    [2011/03/24 13:13:48 | 004,301,769 | R--- | C] () -- C:\Users\TONY\Desktop\ComboFix.exe
    [2011/03/17 22:55:02 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/17 22:46:34 | 000,625,664 | ---- | C] () -- C:\Users\TONY\Desktop\dds.scr
    [2011/03/17 22:46:07 | 000,296,448 | ---- | C] () -- C:\Users\TONY\Desktop\xrogppew.exe
    [2011/03/14 21:08:33 | 000,001,656 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/03/14 00:21:01 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
    [2011/03/04 21:38:06 | 000,001,771 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2011/03/02 23:43:16 | 000,011,200 | ---- | C] () -- C:\Users\TONY\Desktop\midsummers night feast.odt
    [2011/02/24 04:00:21 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
    [2011/02/24 04:00:21 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
    [2011/02/24 04:00:21 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
    [2011/02/24 04:00:21 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
    [2011/02/24 04:00:21 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
    [2011/02/24 04:00:21 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
    [2010/11/30 13:56:27 | 000,000,504 | R--- | C] () -- C:\Windows\CtaMCcfg.ini
    [2010/11/30 13:56:25 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/11/30 13:56:25 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/10/05 23:15:46 | 000,218,496 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/10/05 23:15:45 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
    [2010/10/05 23:15:45 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/09/22 21:11:36 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/09/21 11:37:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/08/24 21:56:46 | 000,013,824 | ---- | C] () -- C:\Users\TONY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/07 08:45:45 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2010/08/07 08:45:23 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2010/08/07 08:45:05 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2010/08/06 15:19:09 | 000,000,185 | ---- | C] () -- C:\Windows\SysWow64\msblcd32.dll
    [2010/08/06 14:34:37 | 000,000,092 | ---- | C] () -- C:\Users\TONY\AppData\Local\fusioncache.dat
    [2010/08/06 14:10:26 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/08/05 22:59:28 | 000,000,552 | ---- | C] () -- C:\Users\TONY\AppData\Local\d3d8caps.dat
    [2010/08/05 21:01:21 | 000,000,680 | ---- | C] () -- C:\Users\TONY\AppData\Local\d3d9caps.dat
    [2010/08/05 20:59:02 | 000,000,732 | ---- | C] () -- C:\Users\TONY\AppData\Local\d3d9caps64.dat
    [2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/01/26 15:00:56 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
    [2009/01/26 15:00:56 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
    [2009/01/26 14:43:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2008/10/22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2008/09/18 00:45:54 | 000,001,515 | R--- | C] () -- C:\Windows\Ctacfg.ini
    [2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    ========== LOP Check ==========

    [2011/01/15 21:12:05 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\Canon
    [2010/11/04 23:31:39 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\OpenOffice.org
    [2010/08/05 21:11:05 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\PictureMover
    [2010/10/12 18:19:37 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\SystemRequirementsLab
    [2010/08/06 14:34:54 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\Turbine
    [2010/08/06 14:49:45 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\WildTangent
    [2010/08/21 12:53:24 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\WinBatch
    [2011/02/27 18:49:01 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\ZombieDriver
    [2011/03/24 16:01:51 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/01/26 14:31:36 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/03/24 18:16:17 | 000,023,886 | ---- | M] () -- C:\ComboFix.txt
    [2010/12/02 00:54:08 | 000,007,200 | ---- | M] () -- C:\CTSUFile.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2010/08/21 12:58:50 | 000,000,250 | ---- | M] () -- C:\FINIS_IT.TXT
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2011/03/09 02:04:04 | 000,000,247 | ---- | M] () -- C:\INSTALL.LOG
    [2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/03/24 16:02:32 | 2460,303,359 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/24 18:35:47 | 000,057,872 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_24.03.2011_18.29.19_log.txt
    [2009/01/26 15:28:40 | 000,000,361 | ---- | M] () -- C:\updatedatfix.log
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/08/15 09:41:38 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 20:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/08/11 23:56:27 | 000,000,355 | -HS- | M] () -- C:\Users\TONY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/24 18:03:52 | 004,301,769 | R--- | M] () -- C:\Users\TONY\Desktop\ComboFix.exe
    [2011/03/17 22:45:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\TONY\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/24 17:56:41 | 000,080,384 | ---- | M] () -- C:\Users\TONY\Desktop\MBRCheck.exe
    [2011/03/24 18:33:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\TONY\Desktop\OTL.exe
    [2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\TONY\Desktop\TDSSKiller.exe
    [2011/03/17 22:40:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\TONY\Desktop\TFC.exe
    [2011/03/17 22:46:08 | 000,296,448 | ---- | M] () -- C:\Users\TONY\Desktop\xrogppew.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/05 21:10:36 | 000,000,402 | -HS- | M] () -- C:\Users\TONY\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  13. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    Extras.txt

    OTL Extras logfile created on: 3/24/2011 6:35:51 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\TONY\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 70.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 452.77 Gb Total Space | 302.12 Gb Free Space | 66.73% Space Free | Partition Type: NTFS
    Drive D: | 12.99 Gb Total Space | 1.77 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
    Drive F: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: TONY-PC | User Name: TONY | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-2723436897-3598471683-1063297262-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 47 30 8A 87 9A 3C CB 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1603E395-C2B2-47E1-9C11-70D9DA54CE84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{21AB61F7-1E5A-43B9-A974-FB3A33C66140}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{21FE9204-4198-41C8-9280-07B80DEC1CD5}" = rport=138 | protocol=17 | dir=out | app=system |
    "{346A52E0-1716-4566-A410-003C8B58F000}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{3AA23CFC-3222-4AB5-A9B6-E8B3F550393B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{688BA849-4A57-4961-9E6D-E365EDECD2DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{6DF656B4-66D0-4943-80EE-848DE3544EB5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{76FF3BA9-2C39-4354-B389-08CEBBE40C4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{888EEE93-9E1E-49F1-8014-BCC094D8B20F}" = lport=137 | protocol=17 | dir=in | app=system |
    "{96BC2516-00C9-469E-BCB2-A7A6472AD365}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{9998A2E5-BBE1-4C76-9DBB-2A47955CAA37}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9D9699AC-46BD-493C-997D-11564D85EC23}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A9EA0C11-9207-40E2-A9F7-D9E865B857C7}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B11016DD-719A-4137-9610-813105D3A8CA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B8B0017C-B603-451A-979A-F8307DD1A2B4}" = rport=445 | protocol=6 | dir=out | app=system |
    "{BE973066-6D1D-44C4-BCBF-99016A8924ED}" = lport=445 | protocol=6 | dir=in | app=system |
    "{C9A537F1-122E-4FB4-BBA8-F7FDCAD72221}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D1E5FB89-64FF-4873-BCB3-BBC278347849}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E5CDC0DD-CC82-4B86-B496-FB81C5AF8E05}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05BAC79D-8D65-4B71-841C-5B2115666B6C}" = protocol=6 | dir=out | app=system |
    "{08FFE65E-71C8-4E0B-AB18-97F21EA5E0B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempirelauncher.exe |
    "{0B453DF2-5FBC-4C59-8573-01498E3EA76B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{11533BE4-7C19-4A3F-883A-A3FF5E34311A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes sp demo\reliccoh.exe |
    "{1349FBFF-B3EF-439A-A1C6-24B90B908C34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{14C4E260-20ED-49B0-A2FF-E9CB5A53E999}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{1D8EBB01-864B-48F9-96B2-825F4DE0035A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{1D96DA49-93A7-4728-84A9-9D9ABFE05147}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1EFC334A-3349-4302-A8BE-33920078EF22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{20E916A8-0E2F-4C2A-A1B6-3301640720CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zombie driver\release\zombiedriver.exe |
    "{224AA362-814A-4552-89B4-DF73A82CAF13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{24240FE1-E558-443D-958D-2ABB36A5F2B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\binaries\moh.exe |
    "{26AB38AA-B284-423A-8AD9-FC2B12AC4472}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\binaries\moh.exe |
    "{2931AE34-41B3-4EAD-B6D1-64D41E6D8DB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2A4C11DD-CE3D-40CF-9829-1B077352644E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempireconfig.exe |
    "{2CEEF9D1-FE48-4F1A-9AA2-DE074F945FC8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{301F86E4-735C-438B-A43C-89E7FAC63A5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\game.exe |
    "{31338F97-EB9D-43AA-9F79-E9BFCC06305B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{326F51E7-C62B-4F3F-8D3C-C067F51A4521}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
    "{3696445D-0FB4-426E-98B4-9CFDBDD3C843}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{37EE72EA-A8FC-48AF-AE0D-B8B364A79518}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\setup.exe |
    "{3ADE92F9-12EE-4CFA-99A7-1A03DC37FA1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zombie driver\release\zombiedriver.exe |
    "{3B7D0A62-90EC-4D66-98C1-919117A13C98}" = protocol=6 | dir=in | app=c:\users\tony\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{457241CA-E2A5-4050-BAA5-E45FDD189115}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{47D17CAC-C028-42C2-B437-5C2EA04F99D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\setup.exe |
    "{49034B6F-EB1D-47EB-BF15-AF43C83CCABE}" = protocol=6 | dir=in | app=c:\users\tony\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{4B71E28A-9118-4D7A-B3FA-822EEE70485D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{4D08B872-27CA-45E6-9A6D-A71DFA749CDE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{4F93AA5A-C3F0-4C58-9E38-57C065ED335A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller demo\bin\paingame.exe |
    "{5319C474-748F-4ECF-92E0-0E6D26A25C14}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
    "{5537781B-F0B4-4F43-8E16-0AA3D61A99BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe |
    "{598B5515-57FD-4FC0-88B3-3A82C942BD92}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{5A3DED4F-6E21-4349-BBD8-37042136B185}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{5CF1E859-3EED-4B97-922E-90EF052ADAC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes sp demo\reliccoh.exe |
    "{5D50DF28-5ACB-4815-881A-82B605368166}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
    "{60DBACD9-674B-47E5-9877-7ADAC87071E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe |
    "{60E96045-94AD-4C83-AA84-DB70847AF422}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{65FE667E-8447-4A4A-A542-3596C1817D65}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6CE4A668-A4E8-4598-A0B0-818B56357966}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "{716EBEB9-7C03-4C7C-BA9D-B8809EF954DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempireconfig.exe |
    "{71E5A6E9-A36C-482B-B90D-97A05D9C8499}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{735C7940-A3C3-4D9E-96AA-54D65DBF5BD6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{7ACDC194-71E6-4D1A-804A-97636653F9CC}" = protocol=17 | dir=in | app=c:\users\tony\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{7B4706DB-51B0-4C5E-ACFF-4D347028D581}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{7BA192F7-05FA-4922-B92C-FAC2BAF29AB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7C9916BB-DB93-4E49-8393-1795C9F1ECDA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
    "{7DB388E6-DCA9-4002-97C7-FA20FFA7158A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
    "{7EDD99E0-5D80-4815-A26E-61A538043545}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{7F79CBA7-0A1B-4D6F-81A8-9B3B3B33020F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
    "{82EFE1CB-653D-4BE9-8098-F2755D43CC32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempirelauncher.exe |
    "{8448828A-8293-4025-BCDC-778CB9C59BA9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    "{876ACF4E-C466-4F75-89EB-87D0D8DC8129}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{87A641F2-534B-4B9C-8B1E-551355A428EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{88442B65-8134-4E4E-BBEA-787003087773}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
    "{8A2A14FE-2062-41FE-AEB4-3929964F8202}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{935B1D07-FBD3-461A-AB94-85A82CE4C472}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{9420ECA4-5692-4109-BBCD-60227E412702}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{98E9120B-BFE0-4FF5-B863-14DB61835E11}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{99BE1360-78C8-426F-AD26-3A90754DEB93}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{9AE5CEDC-A162-422F-976F-CEE81C9F4ECA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\game.exe |
    "{9E751DAF-86FC-412A-83AD-8F11DE2BBA44}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A0501010-7B74-4305-840F-7CD3E4AA3094}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{A8233F27-0DC4-4088-AFF5-73D9A394B49C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A8F93899-7C8D-4824-8C13-26C807AD97EC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B1345D6A-43DE-4BE7-8621-31B84CEEAF32}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{BAE43BDA-2823-4190-84B7-9901DCA8367B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{C0B4D32F-00A7-4AF3-90B3-24F357E2AC7F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
    "{C5E151B9-AE6E-4EF1-82E8-73C67C764715}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{CD5B62C3-FB97-4325-8FF6-2013CA413261}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{CECE7819-998E-44DA-87F9-F97BFE7456C8}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{CF04EB15-B12B-4FEB-8544-5E1C4C6FCD18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CF8D6807-F6AF-4DF8-BC1A-21FD7E29E263}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D31739DA-260C-4D97-B159-87E6EC8F5DB1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    "{D647646D-BCFF-4850-B7BC-B69D0A4A7E3B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D6E254EB-E2E7-4C74-8C8A-7F96ACC465DB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{DFA47FCD-B5F8-4EAC-8B0B-A1F0790BFA5F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{DFB7E3D3-3E35-424C-A32F-01DEAD2AB4B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller demo\bin\paingame.exe |
    "{E1D5B53C-E3EE-498F-B7A9-556B39042178}" = protocol=17 | dir=in | app=c:\users\tony\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{E2D23312-921A-4660-A020-F91DAB606EE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "{E3FAD7C9-A0CD-4657-B4B6-CA077602372D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{EA35DBC2-89AF-4450-A831-817244DF91FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
    "{EE3AD71B-5673-4C7E-A4AC-9E4500AB078A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
    "{EE809A15-81D2-409C-9BC6-7747CB092738}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EEACA271-D13F-4806-8B32-A3769D201AA2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{EF48DA0A-E873-44CD-99FB-AA122D7ADCAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F38D6103-ECCB-4E6A-8BD3-1DA083DB0DC3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{F86577B5-612F-4221-883E-44A4EAB2A6EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{FA3F4061-AE1F-4290-9C0E-FECD62E41F55}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    "{FDAF3F6E-1890-421A-B9F1-271726984638}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "TCP Query User{30A20CA7-98AE-43F2-A754-FB2970309051}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
    "TCP Query User{5AF8A4D1-1022-4360-8498-16DEE56D8056}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "TCP Query User{7EF62EC7-E9E0-417F-BE06-88D4E168CABC}C:\program files (x86)\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
    "TCP Query User{862E7C04-FFC9-4FF0-9D59-7547AE50BFF6}C:\users\tony\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\tony\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "TCP Query User{AB998C30-41FB-429E-9E5C-EDAF907FD7E8}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "TCP Query User{EF640D10-2263-4AE2-A439-74E5D39FDCED}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "UDP Query User{51B59CBB-7E56-443E-A68E-0410298F82C0}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{70299FC3-62F1-464F-AD4F-1843AC1B291D}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "UDP Query User{760BF6E4-F231-4F56-AD5A-3C4347ACFD8E}C:\program files (x86)\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
    "UDP Query User{A68B965F-62FD-4814-B5C4-752E59521561}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
    "UDP Query User{D5C21E92-C565-429D-8BCA-59AAD0B11E0E}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "UDP Query User{EA4B8896-5DB9-44E8-AA3A-5D936A93101F}C:\users\tony\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\tony\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{59A50260-AED9-40E6-80CF-7319C8A7A926}" = Saitek Cyborg Keyboard Volume 6.7.3.0
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
    "{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F868E7BF-BC77-4B1F-A4CF-555099675E41}" = Saitek SD6 Programming Software 6.7.3.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
    "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{1E83D2D0-188B-4A4D-BEF7-72E370747AA3}" = D-Link Corporation Control Program
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
    "{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{6E139C26-2033-466B-89FF-1EB1AF6D4979}" = Saitek Call Of Duty Modern Warefare 2 Profiles
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B3DFF4C8-50BA-463D-8334-4BAFE7172EA6}" = SB Arena Headset
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "ALchemy" = Creative ALchemy
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Belarc Advisor" = Belarc Advisor 8.1
    "Canon MX340 series User Registration" = Canon MX340 series User Registration
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "DivX Setup.divx.com" = DivX Setup
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "Google Chrome" = Google Chrome
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "PunkBusterSvc" = PunkBuster Services
    "sp44626" = sp44626
    "Speed Dial Utility" = Canon Speed Dial Utility
    "SpeedTestPro_is1" = Absolute Futurity SpeedTestPro Ver 1.0.733
    "Steam App 10180" = Call of Duty: Modern Warfare 2
    "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
    "Steam App 22370" = Fallout 3 - Game of the Year Edition
    "Steam App 22380" = Fallout: New Vegas
    "Steam App 31419" = Zombie Driver
    "Steam App 3210" = Painkiller Demo
    "Steam App 40990" = Mafia
    "Steam App 42120" = Lead and Gold - Gangs of the Wild West
    "Steam App 47790" = Medal of Honor(TM) Single Player
    "Steam App 47830" = Medal of Honor(TM) Multiplayer
    "Steam App 7110" = Jade Empire: Special Edition
    "Steam App 8930" = Sid Meier's Civilization V
    "Steam App 9300" = Company of Heroes Singleplayer Demo
    "SysInfo" = Creative System Information
    "SystemRequirementsLab" = System Requirements Lab
    "TVAnts 1.0" = TVAnts 1.0
    "Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
    "Veetle TV" = Veetle TV 0.9.18
    "WaveStudio 7" = Creative WaveStudio 7
    "WildTangent hp Master Uninstall" = My HP Games
    "Winamp" = Winamp

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2723436897-3598471683-1063297262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/19/2011 3:44:34 AM | Computer Name = TONY-PC | Source = Perflib | ID = 1008
    Description =

    Error - 3/19/2011 3:44:34 AM | Computer Name = TONY-PC | Source = Perflib | ID = 1023
    Description =

    Error - 3/21/2011 12:01:10 AM | Computer Name = TONY-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/21/2011 12:02:46 AM | Computer Name = TONY-PC | Source = Perflib | ID = 1023
    Description =

    Error - 3/21/2011 12:02:47 AM | Computer Name = TONY-PC | Source = Perflib | ID = 1008
    Description =

    Error - 3/21/2011 12:02:47 AM | Computer Name = TONY-PC | Source = Perflib | ID = 1023
    Description =

    Error - 3/22/2011 2:31:37 AM | Computer Name = TONY-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/22/2011 2:33:21 AM | Computer Name = TONY-PC | Source = Perflib | ID = 1023
    Description =

    Error - 3/22/2011 2:33:22 AM | Computer Name = TONY-PC | Source = Perflib | ID = 1008
    Description =

    Error - 3/22/2011 2:33:22 AM | Computer Name = TONY-PC | Source = Perflib | ID = 1023
    Description =

    [ Media Center Events ]
    Error - 9/17/2010 9:46:57 PM | Computer Name = TONY-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 11/1/2010 9:29:10 PM | Computer Name = TONY-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 10/29/2010 9:36:28 PM | Computer Name = TONY-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:05:35 AM on 10/29/2010 was unexpected.

    Error - 10/29/2010 9:38:00 PM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 10/30/2010 1:08:37 PM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 10/30/2010 1:08:37 PM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/2/2010 1:35:14 AM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/2/2010 1:37:02 AM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 11/2/2010 1:37:02 AM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/2/2010 2:35:37 AM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/2/2010 2:56:31 AM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/2/2010 3:37:47 AM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
     
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    You can safely uninstall McAfee Security Scan, typical foistware.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  15. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    OTL run fix

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-2723436897-3598471683-1063297262-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Windows\11AE680750D24F5982B32C3E695E94C2.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\11AE680750D24F5982B32C3E695E94C2.TMP folder deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: TONY
    ->Temp folder emptied: 309655 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 87676277 bytes
    ->Google Chrome cache emptied: 10695002 bytes
    ->Flash cache emptied: 2281 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 94.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: TONY
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03242011_190250

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
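
As an added example (not part of the thread and not part of OTL): a Python check that cross-references the GUIDs targeted by the `:OTL` fix script against the "OTL" section of the fix log above, to confirm that every targeted entry is reported as deleted at least once. The function names are hypothetical, and reading "not found" as "already absent" is an assumption.

```python
import re
from collections import Counter

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Registry-related ":OTL" lines of the fix script, copied from the thread.
FIX_SCRIPT = r"""
O3 - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
"""

# "OTL" section of the resulting fix log, copied from the thread.
FIX_LOG = r"""
Registry value HKEY_USERS\S-1-5-21-2723436897-3598471683-1063297262-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
"""


def targeted_guids(script):
    """Unique GUIDs named in the fix script, in order of first appearance."""
    seen = []
    for match in GUID.finditer(script):
        guid = match.group(0).upper()
        if guid not in seen:
            seen.append(guid)
    return seen


def outcomes(log):
    """Map each GUID in the log to a Counter of per-line results."""
    result = {}
    for line in map(str.rstrip, log.splitlines()):
        found = GUID.search(line)
        if not found:
            continue  # e.g. the gp.inf line, which names no GUID
        # Assumption: "not found" means the item was already absent, not a failure.
        status = ("deleted" if line.endswith("deleted successfully.")
                  else "not_found" if line.endswith("not found.")
                  else "info")  # e.g. "Starting removal of ActiveX control ..."
        result.setdefault(found.group(0).upper(), Counter())[status] += 1
    return result


def unresolved(script, log):
    """GUIDs the script targeted that the log never reports as deleted."""
    seen = outcomes(log)
    return [g for g in targeted_guids(script) if seen.get(g, Counter())["deleted"] == 0]


if __name__ == "__main__":
    print(outcomes(FIX_LOG), unresolved(FIX_SCRIPT, FIX_LOG))
```

An empty list from `unresolved` means every GUID in the script has at least one "deleted successfully" line in the log; anything it returns is worth checking by hand before moving on.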
     
  16. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    checkup

    Results of screen317's Security Check version 0.99.7
    Windows Vista (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 20
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.2.152.32
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Uninstall:
    Java(TM) 6 Update 7
    Java(TM) 6 Update 20


    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
     
  18. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    Eset

    no log was generated
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  20. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    2nd OTL run fix

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: TONY
    ->Temp folder emptied: 286048 bytes
    ->Temporary Internet Files folder emptied: 98952 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 23553243 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 785 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 23.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: TONY
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.22.3 log created on 03242011_194648

    Files\Folders moved on Reboot...
    C:\Users\TONY\AppData\Local\Temp\ppcrlui_3668_2 moved successfully.

    Registry entries deleted on Reboot...
     
  21. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Whenever ready....
     
  22. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    follow up

    almost answered too soon. google 4 beta is working grand but IE and chrome are not. still in reference to playing video from www.fancast.com

    MSIE will not get past the initial gray load screen of any video, no player screen at all

    chrome just gets stuck in a loop that is the first Xfinity TV...Accepting auth cloud screen (i tried uninstall/reinstall) no help

    firefox just fine

    and i don't know if this is related but i recently upgraded to xfinity blast 20 mbps and the Ubee D 3.0 modem. i have not noticed the great increase in my speeds, specifically Steam. in fact, they seem worse lately

    i am hoping there is a forum section for that, next
     
  23. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     
Topic Status:
Not open for further replies.
