TechSpot

I think I have a virus

Inactive
By Havingphun
May 22, 2012
  1. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    I found the install CD for AOL. Should I install it and try to get online?
  2. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Let's see about your internet connection now...

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  3. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    FSS Log:

    Farbar Service Scanner Version: 25-05-2012
    Ran by New 2 (administrator) on 26-05-2012 at 16:31:58
    Running from "C:\Users\New 2\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Google IP is accessible.
    Yahoo IP is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll
    [2008-01-20 19:24] - [2008-01-20 19:24] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D
    C:\Windows\system32\Drivers\afd.sys
    [2008-01-20 19:24] - [2008-01-20 19:24] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2008-01-20 19:25] - [2008-01-20 19:25] - 0891448 ____A (Microsoft Corporation) FC6E2835D667774D409C7C7021EAF9C4
    C:\Windows\system32\dnsrslvr.dll
    [2008-01-20 19:24] - [2008-01-20 19:24] - 0086528 ____A (Microsoft Corporation) F5A0F1DA1ED8B429597E71D27D976E31
    C:\Windows\system32\mpssvc.dll
    [2008-01-20 19:24] - [2008-01-20 19:24] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B
    C:\Windows\system32\bfe.dll
    [2008-01-20 19:23] - [2008-01-20 19:23] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe
    [2008-01-20 19:23] - [2008-01-20 19:23] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23
    C:\Windows\system32\wscsvc.dll
    [2008-01-20 19:23] - [2008-01-20 19:23] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C
    C:\Windows\system32\wbem\WMIsvc.dll
    [2008-01-20 19:24] - [2008-01-20 19:24] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5
    C:\Windows\system32\wuaueng.dll
    [2008-01-20 19:25] - [2008-01-20 19:25] - 1695232 ____A (Microsoft Corporation) D79538B67FA641E986855DEF651E78FE
    C:\Windows\system32\qmgr.dll
    [2008-01-20 19:25] - [2008-01-20 19:25] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D
    C:\Windows\system32\es.dll
    [2008-01-20 19:24] - [2008-01-20 19:24] - 0262144 ____A (Microsoft Corporation) F4BF4FA769DB51B106D2B4B35256988B
    C:\Windows\system32\cryptsvc.dll
    [2008-01-20 19:24] - [2008-01-20 19:24] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll
    [2008-01-20 19:24] - [2008-01-20 19:24] - 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C

    **** End of log ****
  4. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    All settings look fine, so I want you to try that AOL setup and see if you can use your dial-up.
  5. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    AOL was set up correctly. We must have done something, because AOL would install before but the virus would break it automatically. But I could not get AOL to connect. It did connect during the setup of its settings; I saw in the corner of the screen that it was connected to the internet. I think it is just a problem with AOL. It's an old program. I diagnosed the connection with Windows and it said I had to connect a cable to the "Local area network". I obviously did, because that's the only plugin I have for wired internet, and I checked both ends; they are plugged in all the way. What should I do next? Can I reinstall broken programs to see if the virus is still there to break them? Like SimCity 4, for example.
  6. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Not yet.

    What connection/computer do you use to post here?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  7. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    I use the other computer in my house to respond to this. It is too old to do anything else though, so I download things to a flash drive and move them to my laptop. I tried to connect my laptop to the internet using the same connection to the internet and both using AOL, as it is the only option for now. But there is a possibility that I will get rid of the dial-up and get high-speed internet. Then it would be easier to connect.
  8. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    Here is the log for OTL:

    OTL logfile created on: 5/27/2012 8:56:23 AM - Run 1
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\New 2\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19048)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 70.53% Memory free
    21.22 Gb Paging File | 20.43 Gb Available in Paging File | 96.29% Paging File free
    Paging file location(s): c:\pagefile.sys 19000 20000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.03 Gb Total Space | 37.52 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
    Drive D: | 9.85 Gb Total Space | 0.48 Gb Free Space | 4.86% Space Free | Partition Type: NTFS
    Drive E: | 80.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 7.45 Gb Total Space | 4.81 Gb Free Space | 64.56% Space Free | Partition Type: FAT32

    Computer Name: LUKEMONEY-PC | User Name: New 2 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/27 06:42:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\New 2\Desktop\OTL.exe
    PRC - [2012/05/25 21:16:54 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/04/21 15:52:00 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2008/01/20 19:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - File not found [Auto | Stopped] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\Windows\system32\svchost.exe -- (NxNetMon)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\nvvsvc.exe -- (nvsvc)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)
    SRV - [2012/05/25 21:16:54 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/04/21 15:52:00 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/04/26 09:44:04 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/07/22 22:05:56 | 000,126,904 | R--- | M] () [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS)
    SRV - [2009/08/26 10:07:08 | 004,048,240 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
    SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\NEW2~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/04/05 05:37:27 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/08/10 16:41:30 | 000,027,928 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\fileHiders.sys -- (fileHiders)
    DRV - [2011/08/10 16:41:28 | 000,023,832 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\zeoscanner.sys -- (ZeoScanner)
    DRV - [2011/04/27 19:18:10 | 000,018,768 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys -- (FileMonitor)
    DRV - [2011/04/25 16:21:38 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\atksgt.sys -- (atksgt)
    DRV - [2011/04/25 16:21:37 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2011/03/23 00:59:18 | 000,019,280 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys -- (UrlFilter)
    DRV - [2011/03/23 00:59:16 | 000,030,600 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys -- (RegFilter)
    DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2010/10/16 11:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/09/07 13:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2010/08/13 02:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/08/13 02:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS -- (NAVENG)
    DRV - [2010/08/08 20:11:49 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/07/28 20:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\NIS\1201000.025\SymEFA.sys -- (SymEFA)
    DRV - [2010/07/28 19:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NIS\1201000.025\srtsp.sys -- (SRTSP)
    DRV - [2010/07/28 19:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1201000.025\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/07/12 18:20:20 | 000,331,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1201000.025\symtdiv.sys -- (SYMTDIv)
    DRV - [2010/06/26 21:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1201000.025\Ironx86.sys -- (SymIRON)
    DRV - [2010/06/26 21:05:05 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys -- (IDSVix86)
    DRV - [2010/06/13 03:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\NIS\1201000.025\SymDS.sys -- (SymDS)
    DRV - [2010/04/12 01:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/12/18 13:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2009/12/18 13:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2009/12/18 13:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2009/12/18 13:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2009/12/18 13:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2009/08/26 10:07:26 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ssidrv.sys -- (ssidrv)
    DRV - [2009/08/26 10:07:26 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sshrmd.sys -- (sshrmd)
    DRV - [2009/08/26 10:07:24 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys -- (ssfs0bbc)
    DRV - [2008/06/05 09:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/04/27 12:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
    DRV - [2008/04/24 15:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/01/29 06:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2006/11/01 13:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{047725AF-524F-470B-A5BE-38D6D75FFB09}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
    IE - HKLM\..\SearchScopes\{2D44ADC8-4906-4BAE-BC0E-D40BD2AB8F60}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    IE - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\..\SearchScopes\{40D2A006-6FF6-4943-B249-01DA2DE868E4}: "URL" = http://www.ant.com/web/{searchTerms}/
    IE - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/04 11:35:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/04/05 05:38:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2012/04/05 05:36:19 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - Extension: SpeedBit Video Downloader = C:\Users\New 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.3_0\

    O1 HOSTS File: ([2012/05/25 23:39:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1296282136\ee\aolsoftware.exe (America Online, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\.DEFAULT..\Run: [GameBooster.exe] C:\Program Files\IObit\Game Booster\GameBooster.exe (IObit)
    O4 - HKU\S-1-5-18..\Run: [GameBooster.exe] C:\Program Files\IObit\Game Booster\GameBooster.exe (IObit)
    O4 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\AOL.EXE (AOL, LLC.)
    O4 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006..\Run: [Cracked Steam Service] c:\program files\steam\Cracked Steam.exe (Anti-Valve Software )
    O4 - HKU\.DEFAULT..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Macromed\Shockwave 10\SwHelper_1020023.exe (Adobe Systems, Inc.)
    O4 - HKU\S-1-5-18..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Macromed\Shockwave 10\SwHelper_1020023.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64EC8E6B-09C2-473E-8DDC-CD3ED2726172}: NameServer = 205.188.146.145
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DABAAE7-1F5F-4D23-9AB3-D0703079E615}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8EFB6DA-AF84-4C34-A8BF-9501C03258F2}: NameServer = 205.188.146.145
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Silhouette.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Silhouette.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/08/04 11:03:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/10/26 04:33:28 | 000,000,044 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Exportit - File not found
    NetSvcs: vnxservice - File not found
    NetSvcs: EACSvrMngr - File not found
    NetSvcs: ifxtcs - File not found
    NetSvcs: Si3132 - File not found
    NetSvcs: MTDVC2 - File not found
    NetSvcs: AppnApi - File not found
    NetSvcs: dtsrvc - File not found
    NetSvcs: bocdrive - File not found
    NetSvcs: rootmodem - File not found
    NetSvcs: sentinel - File not found
    NetSvcs: roxliveshare9 - File not found
    NetSvcs: mcshield - File not found
    NetSvcs: pensup - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/27 08:54:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\New 2\Desktop\OTL.exe
    [2012/05/27 04:57:01 | 000,000,000 | ---D | C] -- C:\Users\New 2\Desktop\Plans
    [2012/05/26 21:09:43 | 000,000,000 | ---D | C] -- C:\Users\New 2\Desktop\av stuff
    [2012/05/26 20:36:03 | 000,000,000 | ---D | C] -- C:\Users\New 2\AppData\Roaming\AOL
    [2012/05/26 19:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\AOL
    [2012/05/26 19:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.0
    [2012/05/26 16:22:08 | 000,000,000 | -HSD | C] -- C:\found.005
    [2012/05/25 23:49:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/05/25 23:49:54 | 000,000,000 | ---D | C] -- C:\Users\New 2\AppData\Local\temp
    [2012/05/25 23:40:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/05/25 20:19:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/05/25 20:19:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/05/25 20:19:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/05/25 20:19:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/05/25 20:17:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/05/25 17:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/05/25 17:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/05/25 14:46:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/05/25 13:32:09 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
    [2012/05/24 23:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\ForGayViruses
    [2012/05/24 22:57:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/05/24 22:44:41 | 000,000,000 | ---D | C] -- C:\Users\New 2\AppData\Roaming\Malwarebytes
    [2012/05/24 22:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/05/05 16:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra
    [2012/05/01 09:46:45 | 000,000,000 | ---D | C] -- C:\Users\New 2\Desktop\powder toy
    [2011/08/08 10:54:18 | 023,277,339 | ---- | C] (The Code::Blocks Team) -- C:\Program Files\codeblocks-10.05-setup.exe
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    File not found -- C:\Windows\System32\drivers\
    [2012/05/27 08:44:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/27 07:51:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/27 07:51:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/27 07:44:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/27 06:42:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\New 2\Desktop\OTL.exe
    [2012/05/27 03:57:31 | 000,000,946 | ---- | M] () -- C:\Users\New 2\Desktop\Paint.NET.lnk
    [2012/05/26 22:43:11 | 000,021,504 | ---- | M] () -- C:\Users\New 2\AppData\Local\DCBC2A71-70D8-4DAN-
  9. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    Here is the log for OTL:

    OTL logfile created on: 5/27/2012 8:56:23 AM - Run 1
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\New 2\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19048)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 70.53% Memory free
    21.22 Gb Paging File | 20.43 Gb Available in Paging File | 96.29% Paging File free
    Paging file location(s): c:\pagefile.sys 19000 20000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.03 Gb Total Space | 37.52 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
    Drive D: | 9.85 Gb Total Space | 0.48 Gb Free Space | 4.86% Space Free | Partition Type: NTFS
    Drive E: | 80.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 7.45 Gb Total Space | 4.81 Gb Free Space | 64.56% Space Free | Partition Type: FAT32

    Computer Name: LUKEMONEY-PC | User Name: New 2 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/27 06:42:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\New 2\Desktop\OTL.exe
    PRC - [2012/05/25 21:16:54 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/04/21 15:52:00 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2008/01/20 19:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - File not found [Auto | Stopped] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\Windows\system32\svchost.exe -- (NxNetMon)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\nvvsvc.exe -- (nvsvc)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)
    SRV - [2012/05/25 21:16:54 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/04/21 15:52:00 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/04/26 09:44:04 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/07/22 22:05:56 | 000,126,904 | R--- | M] () [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS)
    SRV - [2009/08/26 10:07:08 | 004,048,240 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
    SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\NEW2~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/04/05 05:37:27 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/08/10 16:41:30 | 000,027,928 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\fileHiders.sys -- (fileHiders)
    DRV - [2011/08/10 16:41:28 | 000,023,832 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\zeoscanner.sys -- (ZeoScanner)
    DRV - [2011/04/27 19:18:10 | 000,018,768 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys -- (FileMonitor)
    DRV - [2011/04/25 16:21:38 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\atksgt.sys -- (atksgt)
    DRV - [2011/04/25 16:21:37 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2011/03/23 00:59:18 | 000,019,280 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys -- (UrlFilter)
    DRV - [2011/03/23 00:59:16 | 000,030,600 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys -- (RegFilter)
    DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2010/10/16 11:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/09/07 13:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2010/08/13 02:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/08/13 02:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS -- (NAVENG)
    DRV - [2010/08/08 20:11:49 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/07/28 20:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\NIS\1201000.025\SymEFA.sys -- (SymEFA)
    DRV - [2010/07/28 19:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NIS\1201000.025\srtsp.sys -- (SRTSP)
    DRV - [2010/07/28 19:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1201000.025\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/07/12 18:20:20 | 000,331,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1201000.025\symtdiv.sys -- (SYMTDIv)
    DRV - [2010/06/26 21:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1201000.025\Ironx86.sys -- (SymIRON)
    DRV - [2010/06/26 21:05:05 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys -- (IDSVix86)
    DRV - [2010/06/13 03:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\NIS\1201000.025\SymDS.sys -- (SymDS)
    DRV - [2010/04/12 01:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/12/18 13:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2009/12/18 13:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2009/12/18 13:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2009/12/18 13:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2009/12/18 13:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2009/08/26 10:07:26 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ssidrv.sys -- (ssidrv)
    DRV - [2009/08/26 10:07:26 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sshrmd.sys -- (sshrmd)
    DRV - [2009/08/26 10:07:24 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys -- (ssfs0bbc)
    DRV - [2008/06/05 09:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/04/27 12:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
    DRV - [2008/04/24 15:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/01/29 06:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2006/11/01 13:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{047725AF-524F-470B-A5BE-38D6D75FFB09}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
    IE - HKLM\..\SearchScopes\{2D44ADC8-4906-4BAE-BC0E-D40BD2AB8F60}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    IE - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\..\SearchScopes\{40D2A006-6FF6-4943-B249-01DA2DE868E4}: "URL" = http://www.ant.com/web/{searchTerms}/
    IE - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/04 11:35:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/04/05 05:38:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2012/04/05 05:36:19 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - Extension: SpeedBit Video Downloader = C:\Users\New 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.3_0\

    O1 HOSTS File: ([2012/05/25 23:39:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1296282136\ee\aolsoftware.exe (America Online, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\.DEFAULT..\Run: [GameBooster.exe] C:\Program Files\IObit\Game Booster\GameBooster.exe (IObit)
    O4 - HKU\S-1-5-18..\Run: [GameBooster.exe] C:\Program Files\IObit\Game Booster\GameBooster.exe (IObit)
    O4 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\AOL.EXE (AOL, LLC.)
    O4 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006..\Run: [Cracked Steam Service] c:\program files\steam\Cracked Steam.exe (Anti-Valve Software )
    O4 - HKU\.DEFAULT..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Macromed\Shockwave 10\SwHelper_1020023.exe (Adobe Systems, Inc.)
    O4 - HKU\S-1-5-18..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Macromed\Shockwave 10\SwHelper_1020023.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-3319729882-385008171-2775926612-1006\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64EC8E6B-09C2-473E-8DDC-CD3ED2726172}: NameServer = 205.188.146.145
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DABAAE7-1F5F-4D23-9AB3-D0703079E615}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8EFB6DA-AF84-4C34-A8BF-9501C03258F2}: NameServer = 205.188.146.145
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Silhouette.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Silhouette.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/08/04 11:03:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/10/26 04:33:28 | 000,000,044 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Exportit - File not found
    NetSvcs: vnxservice - File not found
    NetSvcs: EACSvrMngr - File not found
    NetSvcs: ifxtcs - File not found
    NetSvcs: Si3132 - File not found
    NetSvcs: MTDVC2 - File not found
    NetSvcs: AppnApi - File not found
    NetSvcs: dtsrvc - File not found
    NetSvcs: bocdrive - File not found
    NetSvcs: rootmodem - File not found
    NetSvcs: sentinel - File not found
    NetSvcs: roxliveshare9 - File not found
    NetSvcs: mcshield - File not found
    NetSvcs: pensup - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

  10. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    Part two of log:

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/27 08:54:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\New 2\Desktop\OTL.exe
    [2012/05/27 04:57:01 | 000,000,000 | ---D | C] -- C:\Users\New 2\Desktop\Plans
    [2012/05/26 21:09:43 | 000,000,000 | ---D | C] -- C:\Users\New 2\Desktop\av stuff
    [2012/05/26 20:36:03 | 000,000,000 | ---D | C] -- C:\Users\New 2\AppData\Roaming\AOL
    [2012/05/26 19:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\AOL
    [2012/05/26 19:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.0
    [2012/05/26 16:22:08 | 000,000,000 | -HSD | C] -- C:\found.005
    [2012/05/25 23:49:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/05/25 23:49:54 | 000,000,000 | ---D | C] -- C:\Users\New 2\AppData\Local\temp
    [2012/05/25 23:40:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/05/25 20:19:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/05/25 20:19:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/05/25 20:19:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/05/25 20:19:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/05/25 20:17:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/05/25 17:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/05/25 17:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/05/25 14:46:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/05/25 13:32:09 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
    [2012/05/24 23:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\ForGayViruses
    [2012/05/24 22:57:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/05/24 22:44:41 | 000,000,000 | ---D | C] -- C:\Users\New 2\AppData\Roaming\Malwarebytes
    [2012/05/24 22:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/05/05 16:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra
    [2012/05/01 09:46:45 | 000,000,000 | ---D | C] -- C:\Users\New 2\Desktop\powder toy
    [2011/08/08 10:54:18 | 023,277,339 | ---- | C] (The Code::Blocks Team) -- C:\Program Files\codeblocks-10.05-setup.exe
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    File not found -- C:\Windows\System32\drivers\
    [2012/05/27 08:44:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/27 07:51:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/27 07:51:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/27 07:44:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/27 06:42:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\New 2\Desktop\OTL.exe
    [2012/05/27 03:57:31 | 000,000,946 | ---- | M] () -- C:\Users\New 2\Desktop\Paint.NET.lnk
    [2012/05/26 22:43:11 | 000,021,504 | ---- | M] () -- C:\Users\New 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/05/26 21:22:26 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2012/05/26 21:01:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/05/26 19:50:58 | 2951,032,832 | -HS- | M] () -- C:\hiberfil.sys
    [2012/05/26 19:35:02 | 000,000,855 | ---- | M] () -- C:\Windows\aolback.exe.lnk
    [2012/05/26 19:34:48 | 000,000,740 | ---- | M] () -- C:\Users\New 2\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL 9.0.lnk
    [2012/05/26 19:34:45 | 000,000,740 | ---- | M] () -- C:\Users\Public\Desktop\AOL 9.0.lnk
    [2012/05/25 23:39:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/05/25 22:46:05 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/05/25 17:43:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/24 23:02:07 | 002,792,123 | ---- | M] () -- C:\Program Files\RelevantKnowledge.arc
    [2012/05/13 17:14:19 | 000,000,176 | ---- | M] () -- C:\test.read
    [2012/05/10 12:36:18 | 000,000,680 | ---- | M] () -- C:\Users\New 2\AppData\Local\d3d9caps.dat
    [2012/05/03 15:27:18 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/05/03 15:27:18 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/05/01 10:14:07 | 000,000,583 | ---- | M] () -- C:\Users\New 2\Desktop\Powder - Shortcut.lnk
    [2012/04/27 18:18:48 | 001,759,744 | ---- | M] () -- C:\Users\New 2\Documents\Powder.exe
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    File not found -- C:\Windows\System32\drivers\
    [2012/05/27 03:57:31 | 000,000,946 | ---- | C] () -- C:\Users\New 2\Desktop\Paint.NET.lnk
    [2012/05/26 19:34:44 | 000,000,740 | ---- | C] () -- C:\Users\Public\Desktop\AOL 9.0.lnk
    [2012/05/25 22:46:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/05/25 20:19:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/05/25 20:19:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/05/25 20:19:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/05/25 20:19:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/05/25 20:19:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/05/25 17:43:00 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/25 13:10:53 | 2951,032,832 | -HS- | C] () -- C:\hiberfil.sys
    [2012/05/24 23:01:58 | 002,792,123 | ---- | C] () -- C:\Program Files\RelevantKnowledge.arc
    [2012/05/13 17:14:19 | 000,000,176 | ---- | C] () -- C:\test.read
    [2012/05/01 10:13:26 | 000,000,583 | ---- | C] () -- C:\Users\New 2\Desktop\Powder - Shortcut.lnk
    [2012/05/01 10:13:16 | 001,759,744 | ---- | C] () -- C:\Users\New 2\Documents\Powder.exe
    [2012/04/21 09:12:35 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2012/02/19 16:03:26 | 000,000,680 | ---- | C] () -- C:\Users\New 2\AppData\Local\d3d9caps.dat
    [2011/12/28 14:46:58 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
    [2011/10/26 20:04:22 | 000,769,024 | ---- | C] () -- C:\Windows\System32\freeglut.dll
    [2011/10/22 20:23:30 | 000,331,776 | ---- | C] () -- C:\Windows\System32\glew32.dll
    [2011/10/22 20:23:30 | 000,315,392 | ---- | C] () -- C:\Windows\System32\glewinfo.exe
    [2011/10/22 20:23:30 | 000,229,376 | ---- | C] () -- C:\Windows\System32\glew32mx.dll
    [2011/10/22 20:23:30 | 000,212,992 | ---- | C] () -- C:\Windows\System32\visualinfo.exe
    [2011/10/21 11:49:42 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
    [2011/10/21 11:49:42 | 000,137,779 | ---- | C] () -- C:\Windows\unins000.dat
    [2011/09/20 21:06:31 | 000,000,272 | ---- | C] () -- C:\Users\New 2\AppData\Roaming\.backup.dm
    [2011/09/06 12:34:00 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2011/09/02 12:48:29 | 000,000,260 | ---- | C] () -- C:\Users\New 2\AppData\Roaming\wklnhst.dat
    [2011/08/10 16:41:30 | 000,027,928 | ---- | C] () -- C:\Windows\System32\drivers\fileHiders.sys
    [2011/08/09 16:38:17 | 000,021,504 | ---- | C] () -- C:\Users\New 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/09 11:24:54 | 3604,782,426 | ---- | C] () -- C:\Program Files\LukeMoneybackup.rar
    [2011/07/12 22:11:32 | 000,000,807 | ---- | C] () -- C:\Program Files\.minecraft - Shortcut.lnk
    [2011/07/11 11:09:17 | 000,001,897 | ---- | C] () -- C:\Program Files\Blender.lnk
    [2011/07/11 10:59:33 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2011/07/11 10:57:56 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
    [2011/07/11 10:57:56 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
    [2011/06/22 16:19:03 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
    [2011/05/14 18:16:05 | 000,000,238 | ---- | C] () -- C:\Windows\w32demo8.ini
    [2011/04/25 16:21:38 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
    [2011/04/25 16:21:37 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
    [2011/04/01 08:30:41 | 000,084,480 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
    [2011/01/28 23:24:31 | 000,000,855 | ---- | C] () -- C:\Windows\aolback.exe.lnk
    [2011/01/28 23:21:14 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/11/20 20:13:24 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2010/11/20 19:02:24 | 000,028,314 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2010/11/20 19:02:17 | 000,028,314 | ---- | C] () -- C:\ProgramData\nvModes.dat

    ========== LOP Check ==========

    [2012/04/19 12:45:32 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
    [2011/07/10 17:32:02 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Opera
    [2012/04/19 12:45:32 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
    [2011/07/10 17:32:02 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Opera
    [2012/05/27 08:53:18 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\.minecraft
    [2012/05/07 19:36:40 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\BitTorrent
    [2011/11/14 21:23:09 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\DAEMON Tools Pro
    [2011/10/15 11:32:39 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\Dev-Cpp
    [2011/10/12 19:10:55 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\Firaxis Games
    [2011/10/08 13:54:29 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\FreeArc
    [2011/12/28 14:32:47 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\IObit
    [2011/10/28 10:51:58 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\My Games
    [2011/10/28 09:26:32 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\Nokia
    [2011/10/12 21:09:52 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\Notepad++
    [2011/12/27 14:17:32 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\Opera
    [2011/09/09 20:10:30 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\PDFlite
    [2011/10/04 17:21:26 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\SanDisk
    [2011/11/14 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\syntevo
    [2011/09/02 12:48:30 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\Template
    [2012/04/05 05:44:06 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\Tific
    [2012/02/04 01:08:01 | 000,000,000 | ---D | M] -- C:\Users\New 2\AppData\Roaming\WildTangent
    [2012/05/26 19:49:32 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2011/04/20 01:45:52 | 000,235,549 | ---- | M] () -- C:\ANG0
    [2008/08/04 11:03:40 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2011/04/20 01:46:25 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2012/05/25 23:49:51 | 000,009,352 | ---- | M] () -- C:\ComboFix.txt
    [2011/06/13 16:42:23 | 000,000,010 | RHS- | M] () -- C:\config.sys
    [2011/09/02 15:17:33 | 000,000,086 | ---- | M] () -- C:\Hello.txt
    [2012/05/26 19:50:58 | 2951,032,832 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/09 18:13:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/09/26 08:02:24 | 000,014,945 | ---- | M] () -- C:\list_of_program_files.txt
    [2010/12/09 18:13:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/05/26 19:50:56 | 2743,074,812 | -HS- | M] () -- C:\pagefile.sys
    [2011/05/17 04:12:52 | 000,154,544 | ---- | M] () -- C:\splash.bmp
    [2012/05/25 14:46:23 | 000,139,470 | ---- | M] () -- C:\TDSSKiller.2.7.37.0_25.05.2012_14.42.56_log.txt
    [2012/05/25 14:54:44 | 000,128,454 | ---- | M] () -- C:\TDSSKiller.2.7.37.0_25.05.2012_14.52.34_log.txt
    [2012/05/13 17:14:19 | 000,000,176 | ---- | M] () -- C:\test.read
    [2010/12/22 12:14:45 | 726,827,008 | ---- | M] () -- C:\ubuntu.iso

    < %systemroot%\Fonts\*.com >
    [2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 05:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2011/07/01 12:42:18 | 000,000,807 | ---- | M] () -- C:\Program Files\.minecraft - Shortcut.lnk
    [2009/03/16 14:36:40 | 001,347,346 | ---- | M] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
    [2009/03/16 14:36:42 | 001,078,954 | ---- | M] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab
    [2009/03/16 14:36:38 | 001,397,830 | ---- | M] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab
    [2009/03/16 14:36:44 | 001,115,221 | ---- | M] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab
    [2009/03/16 14:36:38 | 000,916,422 | ---- | M] () -- C:\Program Files\Apr2006_MDX1_x86.cab
    [2009/03/16 14:36:48 | 004,162,622 | ---- | M] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
    [2009/03/16 14:36:28 | 000,179,125 | ---- | M] () -- C:\Program Files\Apr2006_XACT_x64.cab
    [2009/03/16 14:36:20 | 000,133,095 | ---- | M] () -- C:\Program Files\Apr2006_XACT_x86.cab
    [2009/03/16 14:36:16 | 000,087,093 | ---- | M] () -- C:\Program Files\Apr2006_xinput_x64.cab
    [2009/03/16 14:36:12 | 000,046,002 | ---- | M] () -- C:\Program Files\Apr2006_xinput_x86.cab
    [2009/03/16 14:36:34 | 000,698,612 | ---- | M] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab
    [2009/03/16 14:36:32 | 000,695,857 | ---- | M] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab
    [2009/03/16 14:36:38 | 001,607,358 | ---- | M] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab
    [2009/03/16 14:36:38 | 001,606,039 | ---- | M] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab
    [2009/03/16 14:36:26 | 000,195,758 | ---- | M] () -- C:\Program Files\APR2007_XACT_x64.cab
    [2009/03/16 14:36:26 | 000,151,225 | ---- | M] () -- C:\Program Files\APR2007_XACT_x86.cab
    [2009/03/16 14:36:20 | 000,096,817 | ---- | M] () -- C:\Program Files\APR2007_xinput_x64.cab
    [2009/03/16 14:36:14 | 000,053,302 | ---- | M] () -- C:\Program Files\APR2007_xinput_x86.cab
    [2009/03/16 14:36:42 | 001,350,534 | ---- | M] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab
    [2009/03/16 14:36:42 | 001,077,644 | ---- | M] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab
    [2009/03/16 14:36:26 | 000,182,895 | ---- | M] () -- C:\Program Files\AUG2006_XACT_x64.cab
    [2009/03/16 14:36:22 | 000,137,227 | ---- | M] () -- C:\Program Files\AUG2006_XACT_x86.cab
    [2009/03/16 14:36:16 | 000,087,134 | ---- | M] () -- C:\Program Files\AUG2006_xinput_x64.cab
    [2009/03/16 14:36:12 | 000,046,050 | ---- | M] () -- C:\Program Files\AUG2006_xinput_x86.cab
    [2009/03/16 14:36:36 | 000,852,278 | ---- | M] () -- C:\Program Files\AUG2007_d3dx10_35_x64.cab
    [2009/03/16 14:36:34 | 000,796,859 | ---- | M] () -- C:\Program Files\AUG2007_d3dx10_35_x86.cab
    [2009/03/16 14:36:48 | 001,800,152 | ---- | M] () -- C:\Program Files\AUG2007_d3dx9_35_x64.cab
    [2009/03/16 14:36:38 | 001,708,144 | ---- | M] () -- C:\Program Files\AUG2007_d3dx9_35_x86.cab
    [2009/03/16 14:36:28 | 000,198,088 | ---- | M] () -- C:\Program Files\AUG2007_XACT_x64.cab
    [2009/03/16 14:36:24 | 000,153,004 | ---- | M] () -- C:\Program Files\AUG2007_XACT_x86.cab
    [2009/03/16 14:36:38 | 000,867,604 | ---- | M] () -- C:\Program Files\Aug2008_d3dx10_39_x64.cab
    [2009/03/16 14:36:36 | 000,849,159 | ---- | M] () -- C:\Program Files\Aug2008_d3dx10_39_x86.cab
    [2009/03/16 14:36:48 | 001,794,076 | ---- | M] () -- C:\Program Files\Aug2008_d3dx9_39_x64.cab
    [2009/03/16 14:36:38 | 001,464,664 | ---- | M] () -- C:\Program Files\Aug2008_d3dx9_39_x86.cab
    [2009/03/16 14:36:20 | 000,121,824 | ---- | M] () -- C:\Program Files\Aug2008_XACT_x64.cab
    [2009/03/16 14:36:20 | 000,093,004 | ---- | M] () -- C:\Program Files\Aug2008_XACT_x86.cab
    [2009/03/16 14:36:32 | 000,271,360 | ---- | M] () -- C:\Program Files\Aug2008_XAudio_x64.cab
    [2009/03/16 14:36:32 | 000,269,842 | ---- | M] () -- C:\Program Files\Aug2008_XAudio_x86.cab
    [2009/03/16 14:36:44 | 001,155,483 | ---- | M] () -- C:\Program Files\BDANT.cab
    [2009/03/16 14:36:38 | 000,975,148 | ---- | M] () -- C:\Program Files\BDAXP.cab
    [2011/07/11 11:09:17 | 000,001,897 | ---- | M] () -- C:\Program Files\Blender.lnk
    [2011/08/08 10:55:05 | 023,277,339 | ---- | M] (The Code::Blocks Team) -- C:\Program Files\codeblocks-10.05-setup.exe
    [2009/03/16 14:36:38 | 001,357,976 | ---- | M] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab
    [2009/03/16 14:36:42 | 001,079,456 | ---- | M] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab
    [2009/03/16 14:36:30 | 000,212,799 | ---- | M] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab
    [2009/03/16 14:36:30 | 000,191,720 | ---- | M] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab
    [2009/03/16 14:36:38 | 001,571,154 | ---- | M] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab
    [2009/03/16 14:36:38 | 001,574,376 | ---- | M] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab
    [2009/03/16 14:36:26 | 000,192,475 | ---- | M] () -- C:\Program Files\DEC2006_XACT_x64.cab
    [2009/03/16 14:36:22 | 000,145,591 | ---- | M] () -- C:\Program Files\DEC2006_XACT_x86.cab
    [2008/01/20 19:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2009/03/16 14:35:34 | 000,094,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
    [2009/03/16 14:36:16 | 001,691,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
    [2009/03/16 14:36:12 | 000,044,444 | ---- | M] () -- C:\Program Files\dxdllreg_x86.cab
    [2009/03/16 14:36:48 | 013,264,160 | ---- | M] () -- C:\Program Files\dxnt.cab
    [2009/03/16 14:35:46 | 000,525,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe
    [2009/03/16 14:36:18 | 000,095,296 | ---- | M] () -- C:\Program Files\dxupdate.cab
    [2009/03/16 14:36:38 | 001,247,499 | ---- | M] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab
    [2009/03/16 14:36:42 | 001,013,217 | ---- | M] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab
    [2009/03/16 14:36:38 | 001,362,788 | ---- | M] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab
    [2009/03/16 14:36:44 | 001,084,712 | ---- | M] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab
    [2009/03/16 14:36:28 | 000,178,351 | ---- | M] () -- C:\Program Files\Feb2006_XACT_x64.cab
    [2009/03/16 14:36:20 | 000,132,409 | ---- | M] () -- C:\Program Files\Feb2006_XACT_x86.cab
    [2009/03/16 14:36:26 | 000,194,675 | ---- | M] () -- C:\Program Files\FEB2007_XACT_x64.cab
    [2009/03/16 14:36:24 | 000,147,975 | ---- | M] () -- C:\Program Files\FEB2007_XACT_x86.cab
    [2009/03/16 14:36:38 | 001,335,994 | ---- | M] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab
    [2009/03/16 14:36:42 | 001,064,917 | ---- | M] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab
    [2009/03/16 14:36:28 | 000,180,777 | ---- | M] () -- C:\Program Files\JUN2006_XACT_x64.cab
    [2009/03/16 14:36:20 | 000,133,663 | ---- | M] () -- C:\Program Files\JUN2006_XACT_x86.cab
    [2009/03/16 14:36:32 | 000,699,036 | ---- | M] () -- C:\Program Files\JUN2007_d3dx10_34_x64.cab
    [2009/03/16 14:36:34 | 000,698,472 | ---- | M] () -- C:\Program Files\JUN2007_d3dx10_34_x86.cab
    [2009/03/16 14:36:40 | 001,607,766 | ---- | M] () -- C:\Program Files\JUN2007_d3dx9_34_x64.cab
    [2009/03/16 14:36:40 | 001,607,286 | ---- | M] () -- C:\Program Files\JUN2007_d3dx9_34_x86.cab
    [2009/03/16 14:36:28 | 000,197,122 | ---- | M] () -- C:\Program Files\JUN2007_XACT_x64.cab
    [2009/03/16 14:36:24 | 000,152,909 | ---- | M] () -- C:\Program Files\JUN2007_XACT_x86.cab
    [2009/03/16 14:36:38 | 000,867,828 | ---- | M] () -- C:\Program Files\JUN2008_d3dx10_38_x64.cab
    [2009/03/16 14:36:36 | 000,849,919 | ---- | M] () -- C:\Program Files\JUN2008_d3dx10_38_x86.cab
    [2009/03/16 14:36:46 | 001,792,600 | ---- | M] () -- C:\Program Files\JUN2008_d3dx9_38_x64.cab
    [2009/03/16 14:36:38 | 001,463,878 | ---- | M] () -- C:\Program Files\JUN2008_d3dx9_38_x86.cab
    [2009/03/16 14:36:14 | 000,055,154 | ---- | M] () -- C:\Program Files\JUN2008_X3DAudio_x64.cab
    [2009/03/16 14:36:12 | 000,021,897 | ---- | M] () -- C:\Program Files\JUN2008_X3DAudio_x86.cab
    [2009/03/16 14:36:20 | 000,121,046 | ---- | M] () -- C:\Program Files\JUN2008_XACT_x64.cab
    [2009/03/16 14:36:20 | 000,093,120 | ---- | M] () -- C:\Program Files\JUN2008_XACT_x86.cab
    [2009/03/16 14:36:32 | 000,269,620 | ---- | M] () -- C:\Program Files\JUN2008_XAudio_x64.cab
    [2009/03/16 14:36:32 | 000,269,016 | ---- | M] () -- C:\Program Files\JUN2008_XAudio_x86.cab
    [2011/08/09 11:02:45 | 3604,782,426 | ---- | M] () -- C:\Program Files\LukeMoneybackup.rar
    [2009/03/16 14:36:34 | 000,844,884 | ---- | M] () -- C:\Program Files\Mar2008_d3dx10_37_x64.cab
    [2009/03/16 14:36:34 | 000,818,252 | ---- | M] () -- C:\Program Files\Mar2008_d3dx10_37_x86.cab
    [2009/03/16 14:36:46 | 001,769,854 | ---- | M] () -- C:\Program Files\Mar2008_d3dx9_37_x64.cab
    [2009/03/16 14:36:38 | 001,443,282 | ---- | M] () -- C:\Program Files\Mar2008_d3dx9_37_x86.cab
    [2009/03/16 14:36:14 | 000,055,058 | ---- | M] () -- C:\Program Files\Mar2008_X3DAudio_x64.cab
    [2009/03/16 14:36:12 | 000,021,867 | ---- | M] () -- C:\Program Files\Mar2008_X3DAudio_x86.cab
    [2009/03/16 14:36:20 | 000,122,328 | ---- | M] () -- C:\Program Files\Mar2008_XACT_x64.cab
    [2009/03/16 14:36:20 | 000,093,726 | ---- | M] () -- C:\Program Files\Mar2008_XACT_x86.cab
    [2009/03/16 14:36:30 | 000,251,194 | ---- | M] () -- C:\Program Files\Mar2008_XAudio_x64.cab
    [2009/03/16 14:36:30 | 000,226,242 | ---- | M] () -- C:\Program Files\Mar2008_XAudio_x86.cab
    [2009/03/16 14:36:42 | 001,067,160 | ---- | M] () -- C:\Program Files\Mar2009_d3dx10_41_x64.cab
    [2009/03/16 14:36:42 | 001,040,745 | ---- | M] () -- C:\Program Files\Mar2009_d3dx10_41_x86.cab
    [2009/03/16 14:36:48 | 001,973,694 | ---- | M] () -- C:\Program Files\Mar2009_d3dx9_41_x64.cab
    [2009/03/16 14:36:38 | 001,612,446 | ---- | M] () -- C:\Program Files\Mar2009_d3dx9_41_x86.cab
    [2009/03/16 14:36:12 | 000,054,592 | ---- | M] () -- C:\Program Files\Mar2009_X3DAudio_x64.cab
    [2009/03/16 14:36:10 | 000,021,298 | ---- | M] () -- C:\Program Files\Mar2009_X3DAudio_x86.cab
    [2009/03/16 14:36:20 | 000,121,498 | ---- | M] () -- C:\Program Files\Mar2009_XACT_x64.cab
    [2009/03/16 14:36:16 | 000,092,732 | ---- | M] () -- C:\Program Files\Mar2009_XACT_x86.cab
    [2009/03/16 14:36:30 | 000,275,036 | ---- | M] () -- C:\Program Files\Mar2009_XAudio_x64.cab
    [2009/03/16 14:36:30 | 000,273,010 | ---- | M] () -- C:\Program Files\Mar2009_XAudio_x86.cab
    [2009/03/16 14:36:36 | 000,864,592 | ---- | M] () -- C:\Program Files\Nov2007_d3dx10_36_x64.cab
    [2009/03/16 14:36:34 | 000,803,884 | ---- | M] () -- C:\Program Files\Nov2007_d3dx10_36_x86.cab
    [2009/03/16 14:36:46 | 001,802,050 | ---- | M] () -- C:\Program Files\Nov2007_d3dx9_36_x64.cab
    [2009/03/16 14:36:44 | 001,709,352 | ---- | M] () -- C:\Program Files\Nov2007_d3dx9_36_x86.cab
    [2009/03/16 14:36:12 | 000,046,144 | ---- | M] () -- C:\Program Files\NOV2007_X3DAudio_x64.cab
    [2009/03/16 14:36:12 | 000,018,488 | ---- | M] () -- C:\Program Files\NOV2007_X3DAudio_x86.cab
    [2009/03/16 14:36:28 | 000,196,754 | ---- | M] () -- C:\Program Files\NOV2007_XACT_x64.cab
    [2009/03/16 14:36:22 | 000,148,264 | ---- | M] () -- C:\Program Files\NOV2007_XACT_x86.cab
    [2009/03/16 14:36:42 | 000,994,146 | ---- | M] () -- C:\Program Files\Nov2008_d3dx10_40_x64.cab
    [2009/03/16 14:36:38 | 000,965,413 | ---- | M] () -- C:\Program Files\Nov2008_d3dx10_40_x86.cab
    [2009/03/16 14:36:48 | 001,906,870 | ---- | M] () -- C:\Program Files\Nov2008_d3dx9_40_x64.cab
    [2009/03/16 14:36:38 | 001,550,796 | ---- | M] () -- C:\Program Files\Nov2008_d3dx9_40_x86.cab
    [2009/03/16 14:36:12 | 000,055,110 | ---- | M] () -- C:\Program Files\Nov2008_X3DAudio_x64.cab
    [2009/03/16 14:36:12 | 000,021,836 | ---- | M] () -- C:\Program Files\Nov2008_X3DAudio_x86.cab
    [2009/03/16 14:36:20 | 000,121,746 | ---- | M] () -- C:\Program Files\Nov2008_XACT_x64.cab
    [2009/03/16 14:36:18 | 000,092,688 | ---- | M] () -- C:\Program Files\Nov2008_XACT_x86.cab
    [2009/03/16 14:36:34 | 000,273,990 | ---- | M] () -- C:\Program Files\Nov2008_XAudio_x64.cab
    [2009/03/16 14:36:32 | 000,273,203 | ---- | M] () -- C:\Program Files\Nov2008_XAudio_x86.cab
    [2009/03/16 14:36:16 | 000,086,029 | ---- | M] () -- C:\Program Files\Oct2005_xinput_x64.cab
    [2009/03/16 14:36:12 | 000,045,359 | ---- | M] () -- C:\Program Files\Oct2005_xinput_x86.cab
    [2009/03/16 14:36:38 | 001,412,894 | ---- | M] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab
    [2009/03/16 14:36:42 | 001,127,209 | ---- | M] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab
    [2009/03/16 14:36:28 | 000,182,361 | ---- | M] () -- C:\Program Files\OCT2006_XACT_x64.cab
    [2009/03/16 14:36:22 | 000,138,017 | ---- | M] () -- C:\Program Files\OCT2006_XACT_x86.cab
    [2012/05/24 23:02:07 | 002,792,123 | ---- | M] () -- C:\Program Files\RelevantKnowledge.arc

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 20:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 20:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 20:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2011/06/28 12:02:58 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Windows\system32\config\systemprofile\Minecraft.exe
    [2011/09/15 15:27:46 | 132,557,403 | ---- | M] () -- C:\Windows\system32\config\systemprofile\minecraft3.zip

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/08/30 09:50:29 | 000,000,286 | -HS- | M] () -- C:\Users\New 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/05/27 06:42:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\New 2\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/05/27 07:44:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/27 08:44:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/26 19:51:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/05/26 19:49:32 | 000,032,576 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2011/09/25 12:17:15 | 000,000,000 | ---- | M] () -- C:\Users\New 2\cmd.exe
    [2011/09/25 12:17:29 | 000,000,000 | ---- | M] () -- C:\Users\New 2\Rar.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/08/09 11:37:55 | 000,000,402 | -HS- | M] () -- C:\Users\New 2\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/08/04 11:20:31 | 000,000,372 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2012/05/25 22:46:05 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/12/23 07:29:16 | 000,028,314 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2B11E0DF
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:553CA6CA
    < End of report >
  11. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    Extras log:

    OTL Extras logfile created on: 5/27/2012 8:56:23 AM - Run 1
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\New 2\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19048)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 70.53% Memory free
    21.22 Gb Paging File | 20.43 Gb Available in Paging File | 96.29% Paging File free
    Paging file location(s): c:\pagefile.sys 19000 20000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.03 Gb Total Space | 37.52 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
    Drive D: | 9.85 Gb Total Space | 0.48 Gb Free Space | 4.86% Space Free | Partition Type: NTFS
    Drive E: | 80.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 7.45 Gb Total Space | 4.81 Gb Free Space | 64.56% Space Free | Partition Type: FAT32

    Computer Name: LUKEMONEY-PC | User Name: New 2 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00534D00-2BDB-49F0-AD01-0997FF2AA721}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{32BF9E20-F845-42F7-9A68-1C4231390FE4}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{3BCFC4D9-832F-498C-9B9D-82A93CF4A59F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3EAB6D7B-F937-4D1B-93D2-ED108EBF6BBD}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{4A7F1734-6C15-457D-A897-A2E96DC488A2}" = rport=5358 | protocol=6 | dir=out | app=system |
    "{54C1225A-1345-4FF5-B66B-C68CF2B9C318}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{5DE4E02A-5CB9-4EDB-8698-D602C9C7FD3F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{5EABE406-DD5A-463D-A739-B5A9EF23D96E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{64068C16-068D-4765-9A7B-E1D50457FAA7}" = lport=5358 | protocol=6 | dir=in | app=system |
    "{6BE4EB2D-6B9C-42FA-96CD-F49A65811010}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{82A8CA1D-B6B0-4ED3-9925-98FA898ADBF4}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{8349D2CE-786C-4BAE-BF0B-6EA9D47B7885}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{8D48D32F-7342-4A15-BAC0-B8A9E5269DB3}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{A007898B-0B59-4F42-8A3D-D5B1758D76A5}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{A17EE75F-5584-4DA8-BEBC-3F25BECC8407}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{A292A594-2B13-49D8-8DFD-9FD34F8154FD}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{AAC6489B-2AD2-49F2-995F-668703E0DAA3}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{AB68A564-D3CB-47A8-BEAA-2BEC71D6AF39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BADB1F44-D0B6-434B-9A00-AC8EF2A2E8D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BB9606CB-1125-4AEB-946D-A3261EE2CC7F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{C4DD3B4B-62E8-4AE2-8255-0D206CC45AD1}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{D34793F7-FF5A-4784-B19B-232DEA392F45}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{E5217972-ECDF-4F2A-AAA1-65A82C5087D9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{E94D9929-614A-44DD-B468-BC0F7DAB42E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E98CBA1A-9266-43CA-B95C-17348F03F3CF}" = rport=5357 | protocol=6 | dir=out | app=system |
    "{EE3B1B97-44A4-41FF-880D-A525759588FE}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{FBAB2E78-8639-43FF-A7B7-51C72FB6C8BC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{FF35F349-2AA3-40DE-AB87-DC3DFE505F3D}" = lport=5357 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01D37B36-F6B7-4CCB-A660-F93F2BE4AF21}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{03A2247E-9D53-4AF0-82D1-BD49B319A090}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{04C9A3FB-E718-4F92-9A0D-45062BB4D190}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "{053E5549-ECD5-4FE4-8DB9-641DFB10CF77}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{0BA9D40F-C10C-48A8-8023-708B3FD30ADB}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
    "{0F2239D3-35BB-4DE3-99B4-877600D6AF5B}" = protocol=6 | dir=in | app=c:\program files\aol\rc\regclient.exe |
    "{1451DA94-DF9E-4F71-815F-35288E48C3FE}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
    "{18627F51-10FA-47D4-8B18-F97C02DA969B}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{1A71BA77-F2B9-4581-807D-235557DD294B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{1B494306-0B03-4257-9352-480AF86CCF48}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{2188341A-15A3-4FF2-943F-4CA953086DCB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{21B5062C-2227-4D51-854C-2775046C4B7F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{28AA8D75-C136-4DF4-AA80-69806F2DECBF}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{28E8006C-BFF2-4417-89D4-8753DB37406A}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{360E3640-FB26-4DEF-8288-8B53B8EBB28A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{3B036938-D5C3-432B-9DDD-3957ACD88AEB}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "{3C50DCBA-396D-4284-8C72-68EEA6AD5F58}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
    "{43B84C99-1227-41AB-B2E8-1FB42585E512}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{4B2467A1-21BD-49E8-95B7-C938713B44C8}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{4FD93875-1209-4BB3-8CB8-11C892E8B6D8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{542B8CA9-69A2-4C28-ABD1-57EC3CBB2102}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{651EC8DD-CDC7-4EF1-BA9A-C9AF61893FC4}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{6F373A4A-2CAE-425F-8890-EB670876C6E8}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{845DF846-94E6-433B-9646-2B48C9091169}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\just cause 2\justcause2.exe |
    "{8A7BF012-4516-48CE-B87E-A429C2ABB06A}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{8BA0E296-1645-4919-8DB8-21ED61187D49}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{97E66FF5-3438-40EC-9E4B-6F4C3F24CD49}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\just cause 2\justcause2.exe |
    "{98E4B586-7103-415D-BFCC-B1219409E394}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{9DC2971F-F341-4DD3-BFB8-403330EC8D37}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{A66C1883-A22D-464C-9CE8-89EE32D8F2E3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{B82CAC54-3C00-4061-9428-1693F0B755DE}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
    "{B9157BAE-7BB4-4B48-93D7-BE82AEE4D60B}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{BD019945-67E3-45A8-896D-ABCE0EF46A42}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1296282136\ee\aolsoftware.exe |
    "{C050B35F-3D78-4FFF-A9B8-56012861D28F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{C1047B04-7BDE-481E-9B63-CEADE172CE56}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{C1BAABB6-21B7-49B7-91E1-E455B4B6BC44}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{C55EE582-4D18-4465-B67C-01CCBFDC83AC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{C8796A27-2876-4243-8E97-7272DF0B2D7A}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{CE417CC2-006D-44BC-B33A-291B02416FCB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{D7C834FE-2693-4E42-80D4-368E46AA309A}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "{D801FF3A-6ADD-4CD3-953A-E6F0B804981A}" = protocol=17 | dir=in | app=c:\program files\aol\rc\regclient.exe |
    "{D95F7C24-A8B9-4B45-871E-84680391AD52}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{DB52F980-4D80-41A6-B801-EB9A60F15ABF}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{DC7C9431-15C8-4162-83D3-C77F311399DB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{DC811329-1FE7-4FFD-9E47-B0FE50D3ADB3}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{E355F8F8-82D9-4C10-B156-C47C201DDA23}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1296282136\ee\aolsoftware.exe |
    "{E3E1790B-C53D-40C2-AE48-54AF71FBA5FF}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{E59A6F0C-2597-4798-8539-72E06F152908}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{EAAE4A5C-A6C9-4171-A7B6-26D38810C6D5}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{F560C87E-FCF1-44C8-BA22-DAECE899B3C6}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "TCP Query User{04A027BA-4F45-49EF-A34F-3342A3576F9F}C:\users\luke money\appdata\local\temp\pyla6b.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\luke money\appdata\local\temp\pyla6b.tmp\pyrun.exe |
    "TCP Query User{271C16BC-C061-4816-AFE9-57885821B45B}C:\programdata\youtube downloader\ytd_installer.exe" = protocol=6 | dir=in | app=c:\programdata\youtube downloader\ytd_installer.exe |
    "TCP Query User{33C5E7AB-AB47-4A56-93D6-814E515972A8}C:\program files\iobit\game booster\autoupdate.exe" = protocol=6 | dir=in | app=c:\program files\iobit\game booster\autoupdate.exe |
    "TCP Query User{34A4ADE5-790C-490F-858D-212AC4071542}C:\program files\iobit\advanced systemcare 4\free-software-downloader.exe" = protocol=6 | dir=in | app=c:\program files\iobit\advanced systemcare 4\free-software-downloader.exe |
    "TCP Query User{387281BB-CF8B-4794-B74B-557560D956A8}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
    "TCP Query User{517330D4-4BDC-43B3-9626-BA1CBB2FB2CD}C:\users\new 2\appdata\local\temp\is-osgfv.tmp\setup.tmp" = protocol=6 | dir=in | app=c:\users\new 2\appdata\local\temp\is-osgfv.tmp\setup.tmp |
    "TCP Query User{60433A90-C713-44B6-BBF5-3565F1CF7C55}C:\users\new 2\appdata\local\opera\opera\temporary_downloads\install_flashplayer11x32_chrd_aih.exe" = protocol=6 | dir=in | app=c:\users\new 2\appdata\local\opera\opera\temporary_downloads\install_flashplayer11x32_chrd_aih.exe |
    "TCP Query User{624E483D-A49C-42A1-9AB2-DF92D3A05158}C:\users\new 2\appdata\local\temp\icd1.tmp\fp_ax_cab_installer64.exe" = protocol=6 | dir=in | app=c:\users\new 2\appdata\local\temp\icd1.tmp\fp_ax_cab_installer64.exe |
    "TCP Query User{813A5FDE-6DBA-4A5F-8F1A-68D98C47EEB4}C:\users\new 2\appdata\local\temp\install_flashplayer11x32_chrd_aih.exe" = protocol=6 | dir=in | app=c:\users\new 2\appdata\local\temp\install_flashplayer11x32_chrd_aih.exe |
    "TCP Query User{8CB1A967-1F1B-462A-82D2-6D0529B952CF}C:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
    "TCP Query User{8FFB9E27-37E8-4925-AD08-CD291C41F0C4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{904ECC4B-6409-4936-B57D-72629B7FED37}C:\users\new 2\appdata\local\temp\is-u119b.tmp\adguiem.exe" = protocol=6 | dir=in | app=c:\users\new 2\appdata\local\temp\is-u119b.tmp\adguiem.exe |
    "TCP Query User{938865CD-1010-473F-9F58-A25926AD27BC}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
    "TCP Query User{B95EB9C5-C4A8-4CE4-BCC9-1C582DCA0EF8}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{BAA4D59C-41F8-40AE-9848-7CD5C85B4694}C:\program files\common files\microsoft shared\office12\office setup controller\setup.exe" = protocol=6 | dir=in | app=c:\program files\common files\microsoft shared\office12\office setup controller\setup.exe |
    "TCP Query User{BD37B281-C7E1-4B62-B9A3-FF915742C8C8}C:\program files\norton internet security\engine\18.1.0.37\hsplayer.exe" = protocol=6 | dir=in | app=c:\program files\norton internet security\engine\18.1.0.37\hsplayer.exe |
    "TCP Query User{C83D27F0-AFFD-4426-AF5A-2F7B7CFC5F5D}C:\windows\help\oem\scripts\hphs_launcher.exe" = protocol=6 | dir=in | app=c:\windows\help\oem\scripts\hphs_launcher.exe |
    "TCP Query User{CB2DF43A-558D-47DC-B100-D5A7AC34EE08}C:\users\luke money\appdata\local\temp\pyl8839.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\luke money\appdata\local\temp\pyl8839.tmp\pyrun.exe |
    "TCP Query User{CBD42868-7CF3-4E0A-A02F-3C00C1D8C3B6}C:\windows\system32\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
    "TCP Query User{DC6D157B-DB37-4B97-962D-724755F25E7B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{E5BBE966-4B4B-4722-953E-75438E71532B}C:\program files\youtube downloader\youtubedownloader.exe" = protocol=6 | dir=in | app=c:\program files\youtube downloader\youtubedownloader.exe |
    "TCP Query User{ECADA7C0-63CF-4C92-A2E5-D6EA3869B6B4}C:\windows\system32\macromed\shockwave 10\swhelper_1020023.exe" = protocol=6 | dir=in | app=c:\windows\system32\macromed\shockwave 10\swhelper_1020023.exe |
    "TCP Query User{F5EBC5CF-89F1-42C6-8F3D-DFC57AEDDE12}C:\program files\iobit\game booster\gamebooster.exe" = protocol=6 | dir=in | app=c:\program files\iobit\game booster\gamebooster.exe |
    "TCP Query User{F7F7369F-329F-43E2-A6C5-C6DCC7A92036}C:\program files\steam\steamerrorreporter.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamerrorreporter.exe |
    "UDP Query User{00DAD29E-E1B7-48D1-9CE0-146A7649BDB6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{02428CF2-8B1B-4E62-8C8C-698211EF9C9B}C:\windows\system32\macromed\shockwave 10\swhelper_1020023.exe" = protocol=17 | dir=in | app=c:\windows\system32\macromed\shockwave 10\swhelper_1020023.exe |
    "UDP Query User{08778980-93D9-453A-A03F-9DF866524A87}C:\programdata\youtube downloader\ytd_installer.exe" = protocol=17 | dir=in | app=c:\programdata\youtube downloader\ytd_installer.exe |
    "UDP Query User{0C8B5EBE-FBE3-43DA-B4DB-813B8BE1B6F1}C:\program files\iobit\advanced systemcare 4\free-software-downloader.exe" = protocol=17 | dir=in | app=c:\program files\iobit\advanced systemcare 4\free-software-downloader.exe |
    "UDP Query User{2293A473-2264-4352-BAF7-8C75869CD0A3}C:\program files\youtube downloader\youtubedownloader.exe" = protocol=17 | dir=in | app=c:\program files\youtube downloader\youtubedownloader.exe |
    "UDP Query User{2346B676-4F86-4ED5-B2F1-BA5469942D64}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{29AB1C21-01FD-4C07-9DF8-314ED3494BDF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{31E5DD7A-4444-4B1A-87B2-6C124D7985EC}C:\program files\iobit\game booster\gamebooster.exe" = protocol=17 | dir=in | app=c:\program files\iobit\game booster\gamebooster.exe |
    "UDP Query User{3EFC6C73-0494-4D0F-A90F-941548BE2D1B}C:\program files\norton internet security\engine\18.1.0.37\hsplayer.exe" = protocol=17 | dir=in | app=c:\program files\norton internet security\engine\18.1.0.37\hsplayer.exe |
    "UDP Query User{443CED24-D1F8-4FD2-98D1-8ED8C08C1D78}C:\users\new 2\appdata\local\temp\icd1.tmp\fp_ax_cab_installer64.exe" = protocol=17 | dir=in | app=c:\users\new 2\appdata\local\temp\icd1.tmp\fp_ax_cab_installer64.exe |
    "UDP Query User{5A4763EE-B112-460B-92AD-2993D6F70B50}C:\users\luke money\appdata\local\temp\pyla6b.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\luke money\appdata\local\temp\pyla6b.tmp\pyrun.exe |
    "UDP Query User{5DF85AE3-70C7-4774-8092-F861AF69A224}C:\program files\steam\steamerrorreporter.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamerrorreporter.exe |
    "UDP Query User{6ACCFFCE-BE56-4F6F-A987-638B1874356B}C:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
    "UDP Query User{6C31B8C0-8494-441A-983F-73205D575107}C:\windows\system32\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
    "UDP Query User{78810FBA-851F-4364-8FF0-BE879B0F87A2}C:\windows\help\oem\scripts\hphs_launcher.exe" = protocol=17 | dir=in | app=c:\windows\help\oem\scripts\hphs_launcher.exe |
    "UDP Query User{8A7B150A-E142-4A83-9732-36B642E94658}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
    "UDP Query User{946998C7-3FA0-4D29-B5A6-FBC5F0F0B1EC}C:\program files\common files\microsoft shared\office12\office setup controller\setup.exe" = protocol=17 | dir=in | app=c:\program files\common files\microsoft shared\office12\office setup controller\setup.exe |
    "UDP Query User{B310BFF2-E5B4-46ED-925A-398D2E2234AD}C:\users\luke money\appdata\local\temp\pyl8839.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\luke money\appdata\local\temp\pyl8839.tmp\pyrun.exe |
    "UDP Query User{D54DDBAB-511F-4855-A068-CE87F6D1766B}C:\program files\iobit\game booster\autoupdate.exe" = protocol=17 | dir=in | app=c:\program files\iobit\game booster\autoupdate.exe |
    "UDP Query User{D5B68500-4B60-401E-AE40-E9B20986B4B3}C:\users\new 2\appdata\local\temp\is-osgfv.tmp\setup.tmp" = protocol=17 | dir=in | app=c:\users\new 2\appdata\local\temp\is-osgfv.tmp\setup.tmp |
    "UDP Query User{D7A0B6D1-9733-4BFD-B502-D51F11D5BB2E}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
    "UDP Query User{F5CAB8E8-B507-4CAF-9EF9-8E12B603F7D3}C:\users\new 2\appdata\local\temp\is-u119b.tmp\adguiem.exe" = protocol=17 | dir=in | app=c:\users\new 2\appdata\local\temp\is-u119b.tmp\adguiem.exe |
    "UDP Query User{F5F0F35F-5408-4F84-9668-32485335E1EF}C:\users\new 2\appdata\local\temp\install_flashplayer11x32_chrd_aih.exe" = protocol=17 | dir=in | app=c:\users\new 2\appdata\local\temp\install_flashplayer11x32_chrd_aih.exe |
    "UDP Query User{FCD8B45C-4181-465F-81D5-73C38A1EB2ED}C:\users\new 2\appdata\local\opera\opera\temporary_downloads\install_flashplayer11x32_chrd_aih.exe" = protocol=17 | dir=in | app=c:\users\new 2\appdata\local\opera\opera\temporary_downloads\install_flashplayer11x32_chrd_aih.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
    "{06FAFD58-1C21-4C90-A2FC-C9DC5A2A9D09}" = Verizon Wireless MiFi-2200 Firmware Updates
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
    "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter Wolves of the Pacific
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
    "{186A63A2-4256-43C6-8061-95EF77A5CDB6}" = Sid Meier's Civilization 4
    "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
    "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
    "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
    "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
    "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26
    "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
    "{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
    "{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
    "{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
    "{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
    "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
    "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
    "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
    "{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
    "{597728B2-C911-48CB-8C4E-97B2154B4FB1}_is1" = Limewire Plus+ 1.0.1.8082
    "{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
    "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{60698F64-015F-4432-B7BF-6FDC656F3A59}" = PCKeeper
    "{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6
    "{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
    "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1" = Quick Web Player
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
    "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.494.0
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
    "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
    "{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers
    "{AC3F9FEE-1A44-4FCE-BD72-BD27D4BC6279}" = Microsoft XNA Game Studio Platform Tools
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
    "{B7666229-351B-47D9-AA6F-DF777CF04BBF}" = Caesar IV
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
    "{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Rise of an Empire
    "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
    "{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
    "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
    "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
    "{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
    "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
    "{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
    "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
    "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
    "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
    "18 Wheels of Steel: American Long Haul" = 18 Wheels of Steel: American Long Haul
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "6F64DF2E-3B8E-41DB-89E4-75BD3F370CDE_is1" = Cracked Steam
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AIM_7" = AIM 7
    "Algodoo Experimental_is1" = Algodoo v1.8.5
    "Algodoo_is1" = Algodoo v2.0.2 b1
    "AOL Regclient" = AOL Registration
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "BitTorrent" = BitTorrent
    "Blender" = Blender (remove only)
    "BlenderNIFScripts" = Blender NIF Scripts (remove only)
    "CMake" = CMake 2.8, a cross-platform, open-source build system
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "DragonUnPACKer5_is1" = Dragon UnPACKer 5
    "EasyBCD" = EasyBCD 2.0
    "Fraps" = Fraps
    "FreeArc" = FreeArc 0.666
    "Game Booster_is1" = Game Booster 3
    "Google Chrome" = Google Chrome
    "Havij_is1" = Havij 1.14 Free
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HOTLLAMA Media Player" = HOTLLAMA Media Player
    "How to make Modifications for Games in general_is1" = How to make Modifications for Games in general 1.001
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "IObit Malware Fighter_is1" = IObit Malware Fighter
    "John Deere American Builder Deluxe_is1" = John Deere American Builder Deluxe
    "John Deere American Farmer Deluxe_is1" = John Deere American Farmer Deluxe
    "Liquid_War_6" = Liquid War 6 0.0.10beta
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    "Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
    "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
    "MMDS 0.02" = MMDS 0.02
    "Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
    "nbi-glassfish-mod-3.1.43.0.0" = GlassFish Server Open Source Edition 3.1
    "nbi-nb-base-7.0.0.0.0" = NetBeans IDE 7.0
    "NIS" = Norton Internet Security
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Opera 11.62.1347" = Opera 11.62
    "Plants vs. Zombies" = Plants vs. Zombies
    "PowerISO" = PowerISO
    "PyFFI" = PyFFI 2.1.11
    "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
    "Smart Defrag 2_is1" = Smart Defrag 2
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SpeedBit Video Downloader" = SpeedBit Video Downloader
    "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
    "Steam App 65900" = Sid Meier's Civilization V - Demo
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WildTangent hp Master Uninstall" = My HP Games
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3319729882-385008171-2775926612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
    "CodeBlocks" = CodeBlocks
    "Qt SDK" = Qt SDK
    "Sins of a Solar Empire" = Sins of a Solar Empire
    "Virtual Villagers - The Lost Children" = Virtual Villagers - The Lost Children (remove only)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/26/2012 2:24:53 AM | Computer Name = LukeMoney-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 5/26/2012 2:24:53 AM | Computer Name = LukeMoney-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 5/26/2012 2:24:54 AM | Computer Name = LukeMoney-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 5/26/2012 2:24:54 AM | Computer Name = LukeMoney-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 5/26/2012 2:24:55 AM | Computer Name = LukeMoney-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 5/26/2012 2:24:55 AM | Computer Name = LukeMoney-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 5/26/2012 2:24:55 AM | Computer Name = LukeMoney-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 5/26/2012 2:24:56 AM | Computer Name = LukeMoney-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 5/26/2012 7:31:54 PM | Computer Name = LukeMoney-PC | Source = Application Hang | ID = 1002
    Description = The program Cracked Steam.tmp version 51.51.0.0 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: cdc Start Time: 01cd3b97b1633a3c Termination Time: 0

    Error - 5/26/2012 8:58:59 PM | Computer Name = LukeMoney-PC | Source = VSS | ID = 8193
    Description =

    [ Media Center Events ]
    Error - 4/25/2011 2:51:44 PM | Computer Name = LukeMoney-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 6/7/2011 12:00:15 AM | Computer Name = LukeMoney-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
    try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
    Process: DefaultDomain Object Name: Media Center Guide

    Error - 6/7/2011 12:12:00 AM | Computer Name = LukeMoney-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
    try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
    Process: DefaultDomain Object Name: Media Center Guide

    [ OSession Events ]
    Error - 10/2/2011 7:07:27 PM | Computer Name = LukeMoney-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 11/26/2010 4:10:48 PM | Computer Name = LukeMoney-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:24:39 PM on 11/25/2010 was unexpected.

    Error - 11/26/2010 4:10:51 PM | Computer Name = LukeMoney-PC | Source = HTTP | ID = 15016
    Description =

    Error - 11/26/2010 4:12:12 PM | Computer Name = LukeMoney-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/27/2010 12:36:47 AM | Computer Name = LukeMoney-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 11/27/2010 12:37:03 AM | Computer Name = LukeMoney-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 11/27/2010 12:38:02 AM | Computer Name = LukeMoney-PC | Source = HTTP | ID = 15016
    Description =

    Error - 11/27/2010 12:38:43 AM | Computer Name = LukeMoney-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/27/2010 12:50:01 AM | Computer Name = LukeMoney-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 11/27/2010 12:50:14 AM | Computer Name = LukeMoney-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 11/27/2010 12:50:46 AM | Computer Name = LukeMoney-PC | Source = HTTP | ID = 15016
    Description =


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    I can see some Webroot and some Norton there.
    Which one is your AV program?

    Which brings another question....how can you keep your AV program updated without internet connection?
  13. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    Well, I tried to install both of them to get rid of the viruses. But Norton required an internet connection to activate it so that was a no go. Then when I installed Webroot that virus broke every time I tried. I also had Avast way before but the virus stopped that from working too. So if I had any antivirus software at the time they were not updated after the virus disabled my internet. Leaving my PC defenceless.
  14. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    I'm a little bit confused.
    What kind of internet connection were you using before?
    There is no reason the very same connection shouldn't be working now.
    Your settings are fine.
  15. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    Sometimes I go to my friend's house with my laptop. That connection worked fine for a while until the virus stopped me from using the internet. I also have dial-up at home. It has to be connected through the AOL software. But I could not connect through that because the virus broke the AOL program. Now I reinstalled the AOL program and the virus did not break it again (hopefully because it is gone). Now AOL won't connect to the internet but I think it is just a problem with the AOL software since it's old. So I think that the internet on my laptop is working now. But the only way to be sure is to wait till I go to my friend's house and try to connect to their internet and see if it's just a problem with the AOL software. What should I do till then? Should I reinstall some games to see if the virus is there to break them? Or could that make it take over my PC again? It will be a month or more until I go to my friend's house.
  16. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Please run Norton Removal tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html
    Post new OTL log.
    Only one log will be produced.

    We'll finish what we can, but for a couple of final steps I'll want you to be at your friend's house.
    I'll let you know when to reinstall whatever you want to reinstall.
  17. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Still with me?
  18. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    Yup, sorry I was away for a while. I'm back now. I'll download the Norton Removal Tool and run OTL again.
  19. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    I tried to download the Norton Removal Tool from majorgeeks.com like you told me and from Symantec's website, but wherever I download it, it just stops downloading halfway and says the download's done. When I run the program it says it's corrupt. What should I do?
  20. Broni

    Broni Malware Annihilator Posts: 46,479   +252

  21. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    OK, it downloaded. I'll work on the log.
  22. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    When I brought the Norton Removal Tool to my infected computer it just said it was corrupt again when I ran it.
  23. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    Also, explorer.exe is doing this thing it used to do. When I'm in Task Manager it shows that explorer.exe is using 90 to 100 percent of my CPU speed. I could fix it by turning explorer off and then turning it back on. But my computer would still run slower after. It hasn't done this for months. Could a virus have done this, or are they most likely off my computer?
  24. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Uninstall both Norton and Webroot....

    Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

    Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
    • Please download and install Revo Uninstaller Free.
    • Double click Revo Uninstaller to run it.
    • From the list of programs, double click on the program you want to remove.
    • When prompted if you want to uninstall, click Yes.
    • Be sure the Moderate option is selected, then click Next.
    • The program will run. If prompted again, click Yes.
    • When the built-in uninstaller is finished, click on Next.
    • Once the program has searched for leftovers, click Next.
    • Check the items in bold only on the list, then click Delete. You may have to expand some folders by clicking the "+" mark.
    • When prompted, click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted, select Yes, then Next.
    • Once done, click Finish.
  25. Havingphun

    Havingphun TechSpot Member Topic Starter Posts: 84

    Well, I'm at my friend's house now and I don't have my flash drive so I'll have to download Revo later. I tried connecting to the internet and when I tried to load a website it just said the connection was cancelled by a remote server. Could that server be the virus? What can I do while I'm here?

