TechSpot

Pretty sure I have Rootkit.ZeroAccess on my computer

Solved
By Syreynna
Jun 25, 2012
  1. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    Yes, you need the SeaTools for DOS (.iso) file.
    Download it and create a bootable CD using the instructions from my reply #66.
     
  2. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    Alrighty, I've got it
     
  3. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    I have it booted up. I picked to run a basic - long test on the hard drive. Just waiting for it to finish.
     
  4. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    I ran the long test, it automatically ran the short test as well, and it says that the hard drive passed both tests.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    Do you have Windows XP CD?
     
  6. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    That would be the disc that is orange and shiny and says Microsoft Windows XP Professional (includes SP 2, version 2002), yes? If not, then nope. If that isn't it, then what is it supposed to look like :x ?
     
  7. Broni

    Broni Malware Annihilator Posts: 47,594   +267

  8. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    I got an error that says: setup did not find any hard disk drives installed in your computer. I already read a little about SATA (serial ATA) controllers and I checked my drives in bios. It says they are both SATA w/serial ATA controllers. So I think I have some idea of what I think I have to do next. I would appreciate you telling me for sure though :)
     
  9. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    I'm not really a hardware guy, so please create a new topic about this issue in the Windows XP forum.
    I'll keep this topic open.
     
  10. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    Alright :) I shall be back! Thank you so very much for all the help so far! :)
     
  11. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    You're very welcome
     
     
  12. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    I never got any reply on any other forum posts I made, so I just switched over the driver to raid/ata based off a tutorial and that let it work. Yay, no more BSOD :) My problem is now trying to get the XP firewall and MSE to work before going online to do updates and stuff, since it said it would undo stuff with the repair install.. but I'm getting more errors. The error is "windows firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) Service?" When I got those 2 problems before, I just did a fresh install of MSE (can't do that now because there's no firewall, so I don't want to go online) and reset the firewall while I still had the virus. I guess the virus is still here, unless not having service pack 3 is screwing with stuff... What should I do this time though?
    Edit: I went into the services and tried to manually get the firewall/ICS to start by pressing start(It's stopped) and I got: "error 1075: the dependency service does not exist or has been marked for deletion."
     
  13. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    Good news :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    ComboFix 12-07-02.01 - Admin1 07/03/2012 20:27:27.1.2 - x86
    Running from: c:\documents and settings\Admin1\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\SET27E.tmp
    c:\windows\system32\SET281.tmp
    .
    Infected copy of c:\windows\system32\drivers\agp440.sys was found and disinfected
    Restored copy from - The cat found it :)
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-04 00:26 . 2008-04-13 18:3642368----a-w-c:\windows\system32\drivers\OLD9.tmp
    2012-07-04 00:26 . 2012-07-04 00:26--------d-----w-c:\windows\LastGood
    2012-07-03 04:58 . 2012-07-03 04:58--------d-----w-c:\documents and settings\Admin1\Local Settings\Application Data\PCHealth
    2012-07-03 04:49 . 2012-05-31 00:416762896----a-w-c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0274356-EF04-4A07-93D4-BE796B175DC2}\mpengine.dll
    2012-07-03 04:40 . 2004-08-04 12:009728-c--a-w-c:\windows\system32\dllcache\query.exe
    2012-07-03 04:39 . 2004-08-04 12:0013463552-c--a-w-c:\windows\system32\dllcache\hwxjpn.dll
    2012-07-03 04:38 . 2004-08-04 12:00108544-c--a-w-c:\windows\system32\dllcache\appconf.dll
    2012-07-03 04:37 . 2004-08-04 12:00221184----a-w-c:\windows\system32\wmpns.dll
    2012-07-03 04:35 . 2004-08-04 12:0016384-c--a-w-c:\windows\system32\dllcache\isignup.exe
    2012-07-03 04:35 . 2004-08-04 12:0016384----a-w-c:\program files\Internet Explorer\Connection Wizard\isignup.exe
    2012-07-03 04:35 . 2004-08-04 12:00364544-c--a-w-c:\windows\system32\dllcache\npdsplay.dll
    2012-07-03 04:35 . 2004-08-04 12:00364544----a-w-c:\program files\Windows Media Player\npdsplay.dll
    2012-07-03 04:35 . 2004-08-04 12:00226816-c--a-w-c:\windows\system32\dllcache\npdrmv2.dll
    2012-07-03 04:35 . 2004-08-04 12:00226816----a-w-c:\program files\Windows Media Player\npdrmv2.dll
    2012-07-03 04:35 . 2004-08-04 12:00221184-c--a-w-c:\windows\system32\dllcache\wmpns.dll
    2012-07-03 04:35 . 2004-08-04 12:00221184----a-w-c:\program files\Windows Media Player\wmpns.dll
    2012-07-03 04:35 . 2004-08-04 12:0010240-c--a-w-c:\windows\system32\dllcache\npwmsdrm.dll
    2012-07-03 04:35 . 2004-08-04 12:0010240----a-w-c:\program files\Windows Media Player\npwmsdrm.dll
    2012-07-03 04:35 . 2004-08-04 12:004639-c--a-w-c:\windows\system32\dllcache\mplayer2.exe
    2012-07-03 04:35 . 2004-08-04 12:004639----a-w-c:\program files\Windows Media Player\mplayer2.exe
    2012-07-03 04:33 . 2004-08-04 12:007680-c--a-w-c:\windows\system32\dllcache\migregdb.exe
    2012-07-03 04:14 . 2004-08-04 12:0024661-c--a-w-c:\windows\system32\dllcache\spxcoins.dll
    2012-07-03 04:14 . 2004-08-04 12:0024661----a-w-c:\windows\system32\spxcoins.dll
    2012-07-03 04:14 . 2004-08-04 12:0013312-c--a-w-c:\windows\system32\dllcache\irclass.dll
    2012-07-03 04:14 . 2004-08-04 12:0013312----a-w-c:\windows\system32\irclass.dll
    2012-07-03 04:14 . 2004-08-04 12:0013753----a-r-c:\windows\SET1C4.tmp
    2012-07-03 04:14 . 2004-08-04 12:001086058----a-r-c:\windows\SET1B8.tmp
    2012-07-03 04:14 . 2004-08-04 12:001042903----a-r-c:\windows\SET1B5.tmp
    2012-06-27 18:42 . 2012-06-27 18:42--------d-----w-C:\found.000
    2012-06-26 21:38 . 2012-06-27 12:15--------d-----w-C:\FRST
    2012-06-26 03:42 . 2004-08-04 03:0742368-c--a-w-c:\windows\system32\dllcache\agp440.sys
    2012-06-26 03:42 . 2004-08-04 03:0742368----a-w-c:\windows\system32\drivers\agp440.sys
    2012-06-25 20:16 . 2012-06-25 20:17--------d-----w-c:\program files\Malwarebytes' Anti-Malware
    2012-06-25 20:16 . 2012-04-04 19:5622344----a-w-c:\windows\system32\drivers\mbam.sys
    2012-06-25 03:04 . 2012-06-25 03:04--------d-----w-c:\documents and settings\Admin1\Application Data\SunRay Games
    2012-06-25 02:50 . 2012-06-25 02:50--------d-----w-c:\windows\Mystic Diary 3 - Missing Pages With Guide
    2012-06-25 01:56 . 2012-05-31 00:416762896----a-w-c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-25 01:05 . 2012-06-25 01:0598992----a-w-c:\windows\system32\drivers\60941195.sys
    2012-06-24 23:27 . 2012-06-24 23:27--------d-----w-C:\TDSSKiller_Quarantine
    2012-06-24 06:05 . 2012-06-24 06:05--------d-----w-c:\program files\Microsoft Security Client
    2012-06-16 14:04 . 2012-06-16 14:04476936----a-w-c:\windows\system32\npdeployJava1.dll
    2012-06-14 15:19 . 2012-06-14 15:19--------d-----w-c:\documents and settings\Admin1\Application Data\TuneUp Software
    2012-06-14 15:19 . 2012-07-03 05:48--------d-----w-c:\documents and settings\All Users\Application Data\TuneUp Software
    2012-06-14 15:18 . 2012-06-14 15:18--------d-sh--w-c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-24 00:13 . 2012-04-03 17:48426184----a-w-c:\windows\system32\FlashPlayerApp.exe
    2012-06-24 00:13 . 2011-05-26 14:5270344----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-16 14:04 . 2011-05-07 01:55472840----a-w-c:\windows\system32\deployJava1.dll
    2012-06-16 14:04 . 2008-08-08 17:1173728----a-w-c:\windows\system32\javacpl.cpl
    2012-06-04 21:35 . 2005-08-16 10:40210968----a-w-c:\windows\system32\wuweb.dll
    2012-06-02 19:19 . 2007-06-20 23:2222040----a-w-c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19 . 2007-06-20 23:2215384----a-w-c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19 . 2007-06-20 23:2215384----a-w-c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19 . 2005-05-26 09:1645080----a-w-c:\windows\system32\wups2.dll
    2012-06-02 19:19 . 2007-06-20 23:2217944----a-w-c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:18 . 2007-06-21 21:2317136----a-w-c:\windows\system32\mucltui.dll.mui
    2012-06-02 19:18 . 2006-12-19 07:36275696----a-w-c:\windows\system32\mucltui.dll
    2012-06-02 19:18 . 2005-05-26 09:19214256----a-w-c:\windows\system32\muweb.dll
    2012-05-15 10:18 . 2011-09-16 19:22883008----a-w-c:\windows\system32\nvgenco32.dll
    2012-05-15 10:18 . 2011-09-16 19:221000768----a-w-c:\windows\system32\nvdispco32.dll
    2012-05-15 10:18 . 2010-07-31 14:4765536----a-w-c:\windows\system32\OpenCL.dll
    2012-05-15 10:18 . 2010-07-31 14:476012928----a-w-c:\windows\system32\nvcuda.dll
    2012-05-15 10:18 . 2010-07-31 14:472530624----a-w-c:\windows\system32\nvcuvid.dll
    2012-05-15 10:18 . 2010-07-31 14:472445120----a-w-c:\windows\system32\nvcuvenc.dll
    2012-05-15 10:18 . 2010-07-31 14:472359808----a-w-c:\windows\system32\nvapi.dll
    2012-05-15 10:18 . 2010-07-31 14:4718771968----a-w-c:\windows\system32\nvoglnt.dll
    2012-05-15 10:18 . 2010-07-31 14:4717543168----a-w-c:\windows\system32\nvcompiler.dll
    2012-05-15 10:18 . 2005-08-16 10:3514014656----a-w-c:\windows\system32\drivers\nv4_mini.sys
    2012-05-15 10:18 . 2005-08-16 10:354373248----a-w-c:\windows\system32\nv4_disp.dll
    2012-05-15 09:40 . 2011-09-16 19:2354272----a-w-c:\windows\system32\nvwddi.dll
    2012-05-15 09:40 . 2011-09-16 19:23143680----a-w-c:\windows\system32\nvcolor.exe
    2012-05-15 09:40 . 2011-09-16 19:2315504192----a-w-c:\windows\system32\nvcpl.dll
    2012-05-15 09:40 . 2011-09-16 19:23164160----a-w-c:\windows\system32\nvsvc32.exe
    2012-05-15 09:40 . 2011-09-16 19:23108352----a-w-c:\windows\system32\nvmctray.dll
    2012-04-18 17:08 . 2011-09-16 19:1127968----a-w-c:\windows\system32\nvhdap32.dll
    2012-04-18 17:08 . 2011-09-16 19:11123840----a-w-c:\windows\system32\drivers\nvhda32.sys
    2012-04-18 17:08 . 2012-02-21 21:15876864----a-w-c:\windows\system32\nvhdagenco3220103.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
    "DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-05-15 108352]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecuteREG_MULTI_SZ ˜¶‰ \0smrgdf c:\documents and settings\Admin1\Application Data\iolo\\0iolobtdfg c:\windows\system32
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Admin1^Start Menu^Programs^Startup^CurseClientStartup.ccip]
    path=c:\documents and settings\Admin1\Start Menu\Programs\Startup\CurseClientStartup.ccip
    backup=c:\windows\pss\CurseClientStartup.ccipStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Admin1^Start Menu^Programs^Startup^Neverwinter Nights Registration.lnk]
    path=c:\documents and settings\Admin1\Start Menu\Programs\Startup\Neverwinter Nights Registration.lnk
    backup=c:\windows\pss\Neverwinter Nights Registration.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Admin1^Start Menu^Programs^Startup^PMB Media Check Tool.lnk]
    path=c:\documents and settings\Admin1\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
    backup=c:\windows\pss\PMB Media Check Tool.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Admin1^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=c:\documents and settings\Admin1\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 01:59937920----a-r-c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:5740368----a-w-c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    c:\program files\AIM\aim.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    c:\program files\Common Files\AOL\Launch\AOLLaunch.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    c:\program files\Creative\MediaSource\Detector\CTDetect.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 12:0015360----a-w-c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:391164584----a-w-c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2004-12-06 07:05127035-c--a-w-c:\windows\system32\dla\tfswctrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 20:0167584-c--a-w-c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exidozabula]
    c:\windows\ofuvocog.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    c:\program files\Microsoft ActiveSync\wcescomm.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    c:\program files\Common Files\AOL\1140472379\ee\AOLSoftware.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hRIhhEtfWo.exe]
    c:\docume~1\Admin1\LOCALS~1\Temp\hRIhhEtfWo.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2005-06-17 13:56139264-c--a-w-c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 16:4481920-c--a-w-c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    c:\program files\iTunes\iTunesHelper.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    KHALMNPR.EXE [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    c:\program files\Messenger\msmsgs.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    c:\program files\MSN Messenger\MsnMsgr.Exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nqopujili]
    c:\windows\prvcay.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
    c:\documents and settings\Admin1\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
    c:\program files\Pando Networks\Media Booster\PMB.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 19:28421888----a-w-c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    c:\program files\Real\RealPlayer\RealPlay.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2005-03-23 06:20339968-c--a-w-c:\windows\stsystra.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    c:\program files\Spybot - Search & Destroy\TeaTimer.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-08-01 23:291242448----a-w-f:\steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    c:\program files\Zune\ZuneLauncher.exe [BU]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="f:\itunes\iTunesHelper.exe"
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "f:\\Steam\\Steam.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\GRETECH\\GomTVStreamer\\GomTVStreamerLive.exe"=
    "f:\\Steam\\steamapps\\common\\magic the gathering - duels of the planeswalkers\\DotP.exe"=
    "f:\\Steam\\steamapps\\common\\real myst\\RealMYST.exe"=
    "f:\\Steam\\steamapps\\common\\real myst\\realMYSTSetup.exe"=
    "f:\\Steam\\steamapps\\common\\myst masterpiece\\Myst.exe"=
    "f:\\Steam\\steamapps\\common\\spiral knights\\java_vm\\bin\\javaw.exe"=
    "f:\\Steam\\steamapps\\common\\puzzle pirates\\java_vm\\bin\\javaw.exe"=
    "f:\\Pidgin\\pidgin.exe"=
    "f:\\utorrent\\uTorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "f:\\Steam\\steamapps\\common\\bit.trip runner\\runner.exe"=
    "f:\\Steam\\steamapps\\common\\super meat boy\\SuperMeatBoy.exe"=
    "f:\\Steam\\steamapps\\common\\gratuitous space battles\\GSB.exe"=
    "f:\\Steam\\steamapps\\common\\nightsky\\NightSky.exe"=
    "f:\\Steam\\steamapps\\common\\cogs\\cogs.exe"=
    "f:\\Steam\\steamapps\\common\\hammerfight\\Hammerfight.exe"=
    "f:\\Steam\\steamapps\\common\\crayon physics deluxe\\launcher.exe"=
    "f:\\Steam\\steamapps\\common\\bastion\\Bastion.exe"=
    "f:\\Steam\\steamapps\\common\\trauma\\trauma.exe"=
    "f:\\Steam\\steamapps\\common\\dead island\\DeadIslandGame.exe"=
    "f:\\TERA\\TERA-Launcher.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "f:\\Steam\\steamapps\\common\\skyrim\\SkyrimLauncher.exe"=
    "f:\\Steam\\steamapps\\common\\dungeon siege iii\\Dungeon Siege III.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "f:\\Guild Wars 2\\Gw2.exe"=
    "f:\\Steam\\steamapps\\common\\legend of grimrock\\grimrock.exe"=
    "f:\\Steam\\steamapps\\common\\dungeon defenders\\Binaries\\Win32\\DungeonDefenders.exe"=
    "f:\\iTunes\\iTunes.exe"=
    "f:\\Diablo III\\Diablo III\\Diablo III.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.998\\Agent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "f:\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
    "f:\\Steam\\steamapps\\common\\magicka\\Magicka.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service
    "56524:TCP"= 56524:TCP:pando Media Booster
    "56524:UDP"= 56524:UDP:pando Media Booster
    "57421:TCP"= 57421:TCP:pando Media Booster
    "57421:UDP"= 57421:UDP:pando Media Booster
    "8380:TCP"= 8380:TCP:League of Legends Launcher
    "8380:UDP"= 8380:UDP:League of Legends Launcher
    "8381:TCP"= 8381:TCP:League of Legends Launcher
    "8381:UDP"= 8381:UDP:League of Legends Launcher
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "8382:TCP"= 8382:TCP:League of Legends Launcher
    "8382:UDP"= 8382:UDP:League of Legends Launcher
    "6953:TCP"= 6953:TCP:League of Legends Launcher
    "6953:UDP"= 6953:UDP:League of Legends Launcher
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R1 MpKsl698877a3;MpKsl698877a3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8352C484-1F5F-4576-8D80-A00B93C8C194}\MpKsl698877a3.sys [x]
    R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
    S2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [x]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPServiceREG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 00:13]
    .
    2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1006Core.job
    - c:\documents and settings\Admin1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-19 01:12]
    .
    2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1006UA.job
    - c:\documents and settings\Admin1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-19 01:12]
    .
    2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1007Core.job
    - c:\documents and settings\GJNA&T\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-19 04:45]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1007UA.job
    - c:\documents and settings\GJNA&T\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-19 04:45]
    .
    2012-06-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
    .
    2012-07-04 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    Trusted Zone: aol.com\free
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: fanfiction.net\www
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-Wdf01000.sys
    AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
    AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-03 20:43
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-762019420-644879084-276493692-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:71,b1,f6,18,a8,ce,dd,e9,b8,32,d4,2f,8e,23,a2,4f,27,b1,f7,47,a6,9b,ed,
    7c,48,80,45,ba,08,73,3b,75,5b,44,10,b6,e1,11,60,23,16,b9,3b,f4,17,f9,52,dd,\
    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
    .
    Completion time: 2012-07-03 20:47:46
    ComboFix-quarantined-files.txt 2012-07-04 00:47
    ComboFix2.txt 2012-06-25 09:01
    ComboFix3.txt 2012-06-25 08:25
    ComboFix4.txt 2012-06-25 01:41
    ComboFix5.txt 2012-06-25 09:05
    .
    Pre-Run: 30,948,614,144 bytes free
    Post-Run: 30,971,621,376 bytes free
    .
    - - End Of File - - D5B3C73B49C0259A355B60AB38F13241
     
  15. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, CompuServe, etc.

    =====================================================

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\OLD9.tmp
    c:\windows\SET1C4.tmp
    c:\windows\SET1B8.tmp
    c:\windows\SET1B5.tmp
    c:\windows\system32\drivers\60941195.sys
    c:\windows\ofuvocog.dll
    c:\docume~1\Admin1\LOCALS~1\Temp\hRIhhEtfWo.exe
    c:\windows\prvcay.dll 
    
    
    DDS::
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    Trusted Zone: aol.com\free
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: fanfiction.net\www
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exidozabula]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hRIhhEtfWo.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nqopujili]
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  16. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    ComboFix 12-07-02.01 - Admin1 07/03/2012 21:21:09.2.2 - x86
    Running from: c:\documents and settings\Admin1\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Admin1\Desktop\CFScript.txt
    * Created a new restore point
    .
    FILE ::
    "c:\docume~1\Admin1\LOCALS~1\Temp\hRIhhEtfWo.exe"
    "c:\windows\ofuvocog.dll"
    "c:\windows\prvcay.dll"
    "c:\windows\SET1B5.tmp"
    "c:\windows\SET1B8.tmp"
    "c:\windows\SET1C4.tmp"
    "c:\windows\system32\drivers\60941195.sys"
    "c:\windows\system32\drivers\OLD9.tmp"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-04 00:26 . 2008-04-13 18:36  42368  ----a-w-  c:\windows\system32\drivers\OLD9.tmp
    2012-07-04 00:26 . 2012-07-04 00:26  --------  d-----w-  c:\windows\LastGood
    2012-07-03 04:58 . 2012-07-03 04:58  --------  d-----w-  c:\documents and settings\Admin1\Local Settings\Application Data\PCHealth
    2012-07-03 04:49 . 2012-05-31 00:41  6762896  ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0274356-EF04-4A07-93D4-BE796B175DC2}\mpengine.dll
    2012-07-03 04:40 . 2004-08-04 12:00  9728  -c--a-w-  c:\windows\system32\dllcache\query.exe
    2012-07-03 04:39 . 2004-08-04 12:00  13463552  -c--a-w-  c:\windows\system32\dllcache\hwxjpn.dll
    2012-07-03 04:38 . 2004-08-04 12:00  108544  -c--a-w-  c:\windows\system32\dllcache\appconf.dll
    2012-07-03 04:37 . 2004-08-04 12:00  221184  ----a-w-  c:\windows\system32\wmpns.dll
    2012-07-03 04:35 . 2004-08-04 12:00  16384  -c--a-w-  c:\windows\system32\dllcache\isignup.exe
    2012-07-03 04:35 . 2004-08-04 12:00  16384  ----a-w-  c:\program files\Internet Explorer\Connection Wizard\isignup.exe
    2012-07-03 04:35 . 2004-08-04 12:00  364544  -c--a-w-  c:\windows\system32\dllcache\npdsplay.dll
    2012-07-03 04:35 . 2004-08-04 12:00  364544  ----a-w-  c:\program files\Windows Media Player\npdsplay.dll
    2012-07-03 04:35 . 2004-08-04 12:00  226816  -c--a-w-  c:\windows\system32\dllcache\npdrmv2.dll
    2012-07-03 04:35 . 2004-08-04 12:00  226816  ----a-w-  c:\program files\Windows Media Player\npdrmv2.dll
    2012-07-03 04:35 . 2004-08-04 12:00  221184  -c--a-w-  c:\windows\system32\dllcache\wmpns.dll
    2012-07-03 04:35 . 2004-08-04 12:00  221184  ----a-w-  c:\program files\Windows Media Player\wmpns.dll
    2012-07-03 04:35 . 2004-08-04 12:00  10240  -c--a-w-  c:\windows\system32\dllcache\npwmsdrm.dll
    2012-07-03 04:35 . 2004-08-04 12:00  10240  ----a-w-  c:\program files\Windows Media Player\npwmsdrm.dll
    2012-07-03 04:35 . 2004-08-04 12:00  4639  -c--a-w-  c:\windows\system32\dllcache\mplayer2.exe
    2012-07-03 04:35 . 2004-08-04 12:00  4639  ----a-w-  c:\program files\Windows Media Player\mplayer2.exe
    2012-07-03 04:33 . 2004-08-04 12:00  7680  -c--a-w-  c:\windows\system32\dllcache\migregdb.exe
    2012-07-03 04:14 . 2004-08-04 12:00  24661  -c--a-w-  c:\windows\system32\dllcache\spxcoins.dll
    2012-07-03 04:14 . 2004-08-04 12:00  24661  ----a-w-  c:\windows\system32\spxcoins.dll
    2012-07-03 04:14 . 2004-08-04 12:00  13312  -c--a-w-  c:\windows\system32\dllcache\irclass.dll
    2012-07-03 04:14 . 2004-08-04 12:00  13312  ----a-w-  c:\windows\system32\irclass.dll
    2012-07-03 04:14 . 2004-08-04 12:00  13753  ----a-r-  c:\windows\SET1C4.tmp
    2012-07-03 04:14 . 2004-08-04 12:00  1086058  ----a-r-  c:\windows\SET1B8.tmp
    2012-07-03 04:14 . 2004-08-04 12:00  1042903  ----a-r-  c:\windows\SET1B5.tmp
    2012-06-27 18:42 . 2012-06-27 18:42  --------  d-----w-  C:\found.000
    2012-06-26 21:38 . 2012-06-27 12:15  --------  d-----w-  C:\FRST
    2012-06-26 03:42 . 2004-08-04 03:07  42368  -c--a-w-  c:\windows\system32\dllcache\agp440.sys
    2012-06-26 03:42 . 2004-08-04 03:07  42368  ----a-w-  c:\windows\system32\drivers\agp440.sys
    2012-06-25 20:16 . 2012-06-25 20:17  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2012-06-25 20:16 . 2012-04-04 19:56  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-06-25 03:04 . 2012-06-25 03:04  --------  d-----w-  c:\documents and settings\Admin1\Application Data\SunRay Games
    2012-06-25 02:50 . 2012-06-25 02:50  --------  d-----w-  c:\windows\Mystic Diary 3 - Missing Pages With Guide
    2012-06-25 01:56 . 2012-05-31 00:41  6762896  ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-25 01:05 . 2012-06-25 01:05  98992  ----a-w-  c:\windows\system32\drivers\60941195.sys
    2012-06-24 23:27 . 2012-06-24 23:27  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-06-24 06:05 . 2012-06-24 06:05  --------  d-----w-  c:\program files\Microsoft Security Client
    2012-06-16 14:04 . 2012-06-16 14:04  476936  ----a-w-  c:\windows\system32\npdeployJava1.dll
    2012-06-14 15:19 . 2012-06-14 15:19  --------  d-----w-  c:\documents and settings\Admin1\Application Data\TuneUp Software
    2012-06-14 15:19 . 2012-07-03 05:48  --------  d-----w-  c:\documents and settings\All Users\Application Data\TuneUp Software
    2012-06-14 15:18 . 2012-06-14 15:18  --------  d-sh--w-  c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-24 00:13 . 2012-04-03 17:48  426184  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-06-24 00:13 . 2011-05-26 14:52  70344  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-16 14:04 . 2011-05-07 01:55  472840  ----a-w-  c:\windows\system32\deployJava1.dll
    2012-06-16 14:04 . 2008-08-08 17:11  73728  ----a-w-  c:\windows\system32\javacpl.cpl
    2012-06-04 21:35 . 2005-08-16 10:40  210968  ----a-w-  c:\windows\system32\wuweb.dll
    2012-06-02 19:19 . 2007-06-20 23:22  22040  ----a-w-  c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19 . 2007-06-20 23:22  15384  ----a-w-  c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19 . 2007-06-20 23:22  15384  ----a-w-  c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19 . 2005-05-26 09:16  45080  ----a-w-  c:\windows\system32\wups2.dll
    2012-06-02 19:19 . 2007-06-20 23:22  17944  ----a-w-  c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:18 . 2007-06-21 21:23  17136  ----a-w-  c:\windows\system32\mucltui.dll.mui
    2012-06-02 19:18 . 2006-12-19 07:36  275696  ----a-w-  c:\windows\system32\mucltui.dll
    2012-06-02 19:18 . 2005-05-26 09:19  214256  ----a-w-  c:\windows\system32\muweb.dll
    2012-05-15 10:18 . 2011-09-16 19:22  883008  ----a-w-  c:\windows\system32\nvgenco32.dll
    2012-05-15 10:18 . 2011-09-16 19:22  1000768  ----a-w-  c:\windows\system32\nvdispco32.dll
    2012-05-15 10:18 . 2010-07-31 14:47  65536  ----a-w-  c:\windows\system32\OpenCL.dll
    2012-05-15 10:18 . 2010-07-31 14:47  6012928  ----a-w-  c:\windows\system32\nvcuda.dll
    2012-05-15 10:18 . 2010-07-31 14:47  2530624  ----a-w-  c:\windows\system32\nvcuvid.dll
    2012-05-15 10:18 . 2010-07-31 14:47  2445120  ----a-w-  c:\windows\system32\nvcuvenc.dll
    2012-05-15 10:18 . 2010-07-31 14:47  2359808  ----a-w-  c:\windows\system32\nvapi.dll
    2012-05-15 10:18 . 2010-07-31 14:47  18771968  ----a-w-  c:\windows\system32\nvoglnt.dll
    2012-05-15 10:18 . 2010-07-31 14:47  17543168  ----a-w-  c:\windows\system32\nvcompiler.dll
    2012-05-15 10:18 . 2005-08-16 10:35  14014656  ----a-w-  c:\windows\system32\drivers\nv4_mini.sys
    2012-05-15 10:18 . 2005-08-16 10:35  4373248  ----a-w-  c:\windows\system32\nv4_disp.dll
    2012-05-15 09:40 . 2011-09-16 19:23  54272  ----a-w-  c:\windows\system32\nvwddi.dll
    2012-05-15 09:40 . 2011-09-16 19:23  143680  ----a-w-  c:\windows\system32\nvcolor.exe
    2012-05-15 09:40 . 2011-09-16 19:23  15504192  ----a-w-  c:\windows\system32\nvcpl.dll
    2012-05-15 09:40 . 2011-09-16 19:23  164160  ----a-w-  c:\windows\system32\nvsvc32.exe
    2012-05-15 09:40 . 2011-09-16 19:23  108352  ----a-w-  c:\windows\system32\nvmctray.dll
    2012-04-18 17:08 . 2011-09-16 19:11  27968  ----a-w-  c:\windows\system32\nvhdap32.dll
    2012-04-18 17:08 . 2011-09-16 19:11  123840  ----a-w-  c:\windows\system32\drivers\nvhda32.sys
    2012-04-18 17:08 . 2012-02-21 21:15  876864  ----a-w-  c:\windows\system32\nvhdagenco3220103.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
    "DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-05-15 108352]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute  REG_MULTI_SZ  ˜¶‰ \0smrgdf c:\documents and settings\Admin1\Application Data\iolo\\0iolobtdfg c:\windows\system32
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Admin1^Start Menu^Programs^Startup^CurseClientStartup.ccip]
    path=c:\documents and settings\Admin1\Start Menu\Programs\Startup\CurseClientStartup.ccip
    backup=c:\windows\pss\CurseClientStartup.ccipStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Admin1^Start Menu^Programs^Startup^Neverwinter Nights Registration.lnk]
    path=c:\documents and settings\Admin1\Start Menu\Programs\Startup\Neverwinter Nights Registration.lnk
    backup=c:\windows\pss\Neverwinter Nights Registration.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Admin1^Start Menu^Programs^Startup^PMB Media Check Tool.lnk]
    path=c:\documents and settings\Admin1\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
    backup=c:\windows\pss\PMB Media Check Tool.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Admin1^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=c:\documents and settings\Admin1\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 01:59  937920  ----a-r-  c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:57  40368  ----a-w-  c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    c:\program files\AIM\aim.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    c:\program files\Common Files\AOL\Launch\AOLLaunch.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    c:\program files\Creative\MediaSource\Detector\CTDetect.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 12:00  15360  ----a-w-  c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39  1164584  ----a-w-  c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2004-12-06 07:05  127035  -c--a-w-  c:\windows\system32\dla\tfswctrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 20:01  67584  -c--a-w-  c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    c:\program files\Microsoft ActiveSync\wcescomm.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    c:\program files\Common Files\AOL\1140472379\ee\AOLSoftware.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2005-06-17 13:56  139264  -c--a-w-  c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 16:44  81920  -c--a-w-  c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    c:\program files\iTunes\iTunesHelper.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    KHALMNPR.EXE [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    c:\program files\Messenger\msmsgs.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    c:\program files\MSN Messenger\MsnMsgr.Exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
    c:\documents and settings\Admin1\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
    c:\program files\Pando Networks\Media Booster\PMB.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 19:28  421888  ----a-w-  c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    c:\program files\Real\RealPlayer\RealPlay.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2005-03-23 06:20  339968  -c--a-w-  c:\windows\stsystra.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    c:\program files\Spybot - Search & Destroy\TeaTimer.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-08-01 23:29  1242448  ----a-w-  f:\steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    c:\program files\Zune\ZuneLauncher.exe [BU]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="f:\itunes\iTunesHelper.exe"
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "f:\\Steam\\Steam.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\GRETECH\\GomTVStreamer\\GomTVStreamerLive.exe"=
    "f:\\Steam\\steamapps\\common\\magic the gathering - duels of the planeswalkers\\DotP.exe"=
    "f:\\Steam\\steamapps\\common\\real myst\\RealMYST.exe"=
    "f:\\Steam\\steamapps\\common\\real myst\\realMYSTSetup.exe"=
    "f:\\Steam\\steamapps\\common\\myst masterpiece\\Myst.exe"=
    "f:\\Steam\\steamapps\\common\\spiral knights\\java_vm\\bin\\javaw.exe"=
    "f:\\Steam\\steamapps\\common\\puzzle pirates\\java_vm\\bin\\javaw.exe"=
    "f:\\Pidgin\\pidgin.exe"=
    "f:\\utorrent\\uTorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "f:\\Steam\\steamapps\\common\\bit.trip runner\\runner.exe"=
    "f:\\Steam\\steamapps\\common\\super meat boy\\SuperMeatBoy.exe"=
    "f:\\Steam\\steamapps\\common\\gratuitous space battles\\GSB.exe"=
    "f:\\Steam\\steamapps\\common\\nightsky\\NightSky.exe"=
    "f:\\Steam\\steamapps\\common\\cogs\\cogs.exe"=
    "f:\\Steam\\steamapps\\common\\hammerfight\\Hammerfight.exe"=
    "f:\\Steam\\steamapps\\common\\crayon physics deluxe\\launcher.exe"=
    "f:\\Steam\\steamapps\\common\\bastion\\Bastion.exe"=
    "f:\\Steam\\steamapps\\common\\trauma\\trauma.exe"=
    "f:\\Steam\\steamapps\\common\\dead island\\DeadIslandGame.exe"=
    "f:\\TERA\\TERA-Launcher.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "f:\\Steam\\steamapps\\common\\skyrim\\SkyrimLauncher.exe"=
    "f:\\Steam\\steamapps\\common\\dungeon siege iii\\Dungeon Siege III.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "f:\\Guild Wars 2\\Gw2.exe"=
    "f:\\Steam\\steamapps\\common\\legend of grimrock\\grimrock.exe"=
    "f:\\Steam\\steamapps\\common\\dungeon defenders\\Binaries\\Win32\\DungeonDefenders.exe"=
    "f:\\iTunes\\iTunes.exe"=
    "f:\\Diablo III\\Diablo III\\Diablo III.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.998\\Agent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "f:\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
    "f:\\Steam\\steamapps\\common\\magicka\\Magicka.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service
    "56524:TCP"= 56524:TCP:pando Media Booster
    "56524:UDP"= 56524:UDP:pando Media Booster
    "57421:TCP"= 57421:TCP:pando Media Booster
    "57421:UDP"= 57421:UDP:pando Media Booster
    "8380:TCP"= 8380:TCP:League of Legends Launcher
    "8380:UDP"= 8380:UDP:League of Legends Launcher
    "8381:TCP"= 8381:TCP:League of Legends Launcher
    "8381:UDP"= 8381:UDP:League of Legends Launcher
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "8382:TCP"= 8382:TCP:League of Legends Launcher
    "8382:UDP"= 8382:UDP:League of Legends Launcher
    "6953:TCP"= 6953:TCP:League of Legends Launcher
    "6953:UDP"= 6953:UDP:League of Legends Launcher
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R1 MpKsl698877a3;MpKsl698877a3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8352C484-1F5F-4576-8D80-A00B93C8C194}\MpKsl698877a3.sys [x]
    R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
    HPService  REG_MULTI_SZ  HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 00:13]
    .
    2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1006Core.job
    - c:\documents and settings\Admin1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-19 01:12]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1006UA.job
    - c:\documents and settings\Admin1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-19 01:12]
    .
    2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1007Core.job
    - c:\documents and settings\GJNA&T\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-19 04:45]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1007UA.job
    - c:\documents and settings\GJNA&T\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-19 04:45]
    .
    2012-06-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
    .
    2012-07-04 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = about:blank
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-03 21:25
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-762019420-644879084-276493692-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:71,b1,f6,18,a8,ce,dd,e9,b8,32,d4,2f,8e,23,a2,4f,27,b1,f7,47,a6,9b,ed,
    7c,48,80,45,ba,08,73,3b,75,5b,44,10,b6,e1,11,60,23,16,b9,3b,f4,17,f9,52,dd,\
    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2828)
    c:\windows\system32\AcSignIcon.dll
    f:\autocady\Inventor Fusion 2012\AcSignCore16.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-07-03 21:27:53
    ComboFix-quarantined-files.txt 2012-07-04 01:27
    ComboFix2.txt 2012-07-04 00:47
    ComboFix3.txt 2012-06-25 09:01
    ComboFix4.txt 2012-06-25 08:25
    ComboFix5.txt 2012-07-04 01:20
    .
    Pre-Run: 30,933,897,216 bytes free
    Post-Run: 30,918,094,848 bytes free
    .
    - - End Of File - - 781164968BD894A64D52E869F2A89A4E
     
  17. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    Looks good :)

    Any current issues?

    ==========================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =============================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
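
    As an added worked example (this is not code from the thread, from OTL, or from Broni), here is a small Python triage pass over OTL-style log lines of the kind the steps above produce. The sample lines are constructed to mirror OTL's format and are not taken from any poster's log; the checks (orphaned drivers whose image sat in a user-writable path, drivers with no company name, hosts entries beyond localhost, vendor-less autostarts in profile directories, Winlogon Shell/UserInit values that load anything but the stock binaries) are generic analyst heuristics, not OTL's own logic, and the constants USER_WRITABLE and EXPECTED_WINLOGON are assumptions for XP.

```python
"""OTL log triage (added example; not code from the thread, from OTL or from Broni).

Scans a handful of the line types OTL emits (DRV, O1 hosts, O4 Run keys,
O20 Winlogon) for the patterns an analyst reads first.
"""
import re

# Assumption: directories a standard user (or a dropper running as one) can
# write into on XP. DOCUME~1 is the 8.3 form of "Documents and Settings".
USER_WRITABLE = re.compile(
    r"\\Temp\\|\\Application Data\\|\\Local Settings\\|DOCUME~1|\\ProgramData\\|\\Users\\",
    re.I,
)

# DRV lines come in two shapes: "File not found [...]" and "[date | size | flags] (Company) [...]".
# A trailing free-text description after the service name is allowed (no $ anchor).
DRV_RE = re.compile(
    r"^DRV - (?:File not found|\[[^\]]*\] \((?P<company>[^)]*)\))"
    r" \[(?P<type>[^|]+)\|(?P<start>[^|]+)\|(?P<state>[^\]]+)\]"
    r" -- (?P<path>.*?) ?-- \((?P<name>[^)]+)\)"
)
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] (?P<path>.*?) \((?P<company>[^)]*)\)$"
)
O20_RE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<value>Shell|UserInit) - \((?P<data>[^)]*)\) - (?P<path>.*?) \((?P<company>[^)]*)\)$"
)

# Assumption: stock XP Winlogon values. Anything extra here runs at every logon.
EXPECTED_WINLOGON = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# Constructed sample lines modelled on OTL's format (not a real scan).
SAMPLE_OTL = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\LOCALS~1\Temp\xyz.sys -- (xyz)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2010/08/16 16:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vendorless.sys -- (vendorless)
DRV - [2011/01/01 00:00:00 | 000,010,000 | ---- | M] (Example Vendor) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vendored.sys -- (vendored) Example Audio Driver (WDM)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.update-example.invalid
O4 - HKLM..\Run: [Updater] C:\Documents and Settings\user\Application Data\svchost.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\evil.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""


def triage(log_text):
    """Return a list of (item, reason) findings for the OTL-style lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DRV_RE.match(line)
        if m:
            missing = line.startswith("DRV - File not found")
            if missing and USER_WRITABLE.search(m["path"]):
                findings.append((m["name"], "orphaned driver service; image lived in a user-writable path"))
            elif not missing and not m["company"]:
                findings.append((m["name"], "driver with no company name; verify signature and origin"))
            continue
        m = O1_RE.match(line)
        if m:
            if m["host"].lower() not in ("localhost", "localhost.localdomain"):
                findings.append((m["host"], "hosts-file entry beyond localhost (redirect or update blocking)"))
            continue
        m = O4_RE.match(line)
        if m:
            if not m["company"] and USER_WRITABLE.search(m["path"]):
                findings.append((m["label"], "autostart with no company name from a user-writable path"))
            continue
        m = O20_RE.match(line)
        if m:
            # UserInit is comma-separated and normally ends with a trailing comma.
            entries = {e.strip().lower() for e in m["data"].split(",") if e.strip()}
            if entries != EXPECTED_WINLOGON[m["value"].lower()]:
                findings.append((m["value"], "Winlogon %s loads: %s" % (m["value"], ", ".join(sorted(entries)))))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_OTL):
        print("%-28s %s" % (item, reason))
```

    A finding is a prompt to go and check the file (hash it, look at its signature and creation time), not a verdict: OTL reports "File not found" for plenty of stale service entries left behind by uninstalled drivers, and the script deliberately stays quiet about those unless the missing image lived somewhere a user could write. Feed it a real OTL.txt with `triage(open("OTL.txt").read())`.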
     
  18. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    Currently I am on a laptop and using a USB to get fresh ComboFix/MBAM/OTL onto the other computer and to get the logs back to be able to post them. So I'm not using the internet on there just in case, even though it DOES work. The firewall is still not working on the computer that had the virus. Then MSE said something today about it not being a valid copy of Windows and that it would stop working in 30 days. It is refusing to run as well, though, even if I go into services and try and manually start them. I'm still on Service Pack 2 from the repair install last night. I tried to do updates but Microsoft's site kept giving me errors and being silly >_>. I'll post logs in a bit since I still haven't run them as of this post.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,594   +267

  20. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    OTL logfile created on: 7/3/2012 10:27:24 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Admin1\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 81.03% Memory free
    4.84 Gb Paging File | 4.37 Gb Available in Paging File | 90.22% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.79 Gb Total Space | 28.79 Gb Free Space | 41.25% Space Free | Partition Type: NTFS
    Drive F: | 465.76 Gb Total Space | 341.51 Gb Free Space | 73.32% Space Free | Partition Type: NTFS
    Drive G: | 3.80 Gb Total Space | 3.79 Gb Free Space | 99.84% Space Free | Partition Type: FAT32

    Computer Name: DH7VCF91 | User Name: Admin1 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/03 21:56:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin1\Desktop\OTL.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2005/07/22 09:03:00 | 000,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    PRC - [2005/06/21 10:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe
    PRC - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    PRC - [2005/03/23 02:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/15 06:18:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2007/02/09 18:35:06 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2005/06/21 10:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcclmpm.dll
    MOD - [2005/06/21 10:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe
    MOD - [2005/06/21 10:18:24 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\dlccprox.dll
    MOD - [2005/06/06 05:58:38 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccfg.dll
    MOD - [2004/08/04 08:00:00 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2004/08/04 08:00:00 | 000,270,848 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2004/08/04 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2004/08/04 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/06/23 20:13:28 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/15 06:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/02/28 17:20:48 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/02/02 15:08:16 | 000,018,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
    SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2005/12/12 18:52:32 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -- (ELService)
    SRV - [2005/06/21 10:19:38 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device)
    SRV - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\zumbus.sys -- (zumbus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\toside.sys -- (TosIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1240.sys -- (ql1240)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql10wnt.sys -- (Ql10wnt)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8352C484-1F5F-4576-8D80-A00B93C8C194}\MpKsl698877a3.sys -- (MpKsl698877a3)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mhndrv.sys -- (MHNDRV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LMouKE.Sys -- (LMouKE)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ini910u.sys -- (ini910u)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\iastor.sys -- (iastor)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac960nt.sys -- (dac960nt)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Admin1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3350p.sys -- (asc3350p)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amsint.sys -- (amsint)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS -- (abp480n5)
    DRV - [2012/04/18 13:08:05 | 000,123,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
    DRV - [2010/12/19 13:46:10 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
    DRV - [2010/12/19 13:46:10 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2010/09/26 22:10:30 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2010/08/16 16:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
    DRV - [2010/08/16 16:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
    DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2007/01/23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/01/23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2006/05/10 10:56:26 | 000,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
    DRV - [2005/12/12 18:52:34 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
    DRV - [2005/12/12 18:52:34 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
    DRV - [2005/12/12 18:52:34 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
    DRV - [2005/12/12 18:52:34 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
    DRV - [2005/12/12 18:52:32 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
    DRV - [2005/06/15 00:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-762019420-644879084-276493692-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-762019420-644879084-276493692-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-762019420-644879084-276493692-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-762019420-644879084-276493692-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-762019420-644879084-276493692-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 DC FD 55 93 38 CC 01 [binary data]
    IE - HKU\S-1-5-21-762019420-644879084-276493692-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-762019420-644879084-276493692-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-762019420-644879084-276493692-1006\..\SearchScopes\{E7EC2B25-6A27-4A83-9EF0-63F305E5AD06}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-762019420-644879084-276493692-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{62A30D05-D595-4764-9C25-65DD5A0D9B3C}: C:\Documents and Settings\Admin1\Local Settings\Application Data\{62A30D05-D595-4764-9C25-65DD5A0D9B3C}

    [2010/09/25 13:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin1\Application Data\Mozilla\Extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: iTunes Application Detector (Enabled) = F:\iTunes\Mozilla Plugins\npitunes.dll
    CHR - Extension: Colorful Space = C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adbodkkohhfpjcaoolbiekmjnkgicfnj\1.0_0\
    CHR - Extension: WOT = C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.6_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Adblock Plus (Beta) experimental build = C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldcecbkkoecffmfljeihcmifjjdoepkn\1.2.0.796_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/03 20:43:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O3 - HKU\S-1-5-21-762019420-644879084-276493692-1006\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
    O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-762019420-644879084-276493692-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-762019420-644879084-276493692-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-762019420-644879084-276493692-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-762019420-644879084-276493692-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.102/FreeRealmsInstaller.cab?v=1049 (SonyOnlineInstallerX)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1341295921045 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166461515184 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} https://ssl1-us.dsm.com/nortel_cacheable/iewiper.cab (Iewiper Control)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab (PopCapLoader Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Admin1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2012/02/28 17:01:29 | 000,000,000 | ---D | M] - F:\AutoCAD -- [ NTFS ]
    O32 - AutoRun File - [2012/03/27 19:00:49 | 000,000,000 | ---D | M] - F:\Autocady -- [ NTFS ]
    O34 - HKLM BootExecute: (˜¶‰)
    O34 - HKLM BootExecute: (smrgdf C:\Documents and Settings\Admin1\Application Data\iolo\)
    O34 - HKLM BootExecute: (iolobtdfg C:\WINDOWS\system32)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
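The O20, O34, O35 and O37 lines in the OTL log above are the hijack points a malware-removal helper reads first: the Winlogon Shell and UserInit values, the BootExecute list, and the `exefile`/`comfile` open commands, all of which bootkits and droppers routinely rewrite to get executed before or alongside every program launch. The check itself is mechanical, compare each value with the stock Windows XP default and flag anything else, so here it is as code. This is an added example, not part of the thread and not OTL's own code; the sample lines are constructed in OTL's format (including one deliberately hijacked UserInit chain and one hijacked `comfile` command) and are not taken from the poster's machine. The defaults it assumes are the stock values on an English XP install: `Explorer.exe`, `%SystemRoot%\system32\userinit.exe`, `autocheck autochk *` and `"%1" %*`. A hit means "not the stock value", not "malicious": third-party system utilities legitimately add BootExecute entries, so the analyst still makes the call.

```python
"""Audit OTL-style log lines for classic Windows hijack points:
Winlogon Shell/UserInit (O20), BootExecute (O34), exe/com file
associations (O35/O37), orphaned ActiveX DPF entries (O16) and
CD-ROM AutoRun (O32). Example code; defaults assume stock Windows XP."""
import re
from dataclasses import dataclass

# Stock XP values (assumption: English install, Windows in C:\WINDOWS).
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT_RE = re.compile(r"(?:[a-z]:\\windows\\system32\\)?userinit\.exe")
DEFAULT_BOOTEXECUTE = "autocheck autochk *"
DEFAULT_OPEN_COMMAND = '"%1" %*'

LINE_RE = re.compile(r"^\s*(O\d+) - (.*)$")
WINLOGON_RE = re.compile(r"HKLM Winlogon: (Shell|UserInit) - \((.*)\) - ")
BOOTEXEC_RE = re.compile(r"HKLM BootExecute: \((.*)\)")
ASSOC_RE = re.compile(r"HKLM\\\.+(\w+) \[(.*?)\] -- (.*)$")

# Constructed sample in OTL's format; the UserInit chain with evil.exe and the
# comfile command pointing at hijack.exe are deliberate, made-up hijacks.
SAMPLE_LOG = r"""
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\evil.exe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (mydefrag C:\Program Files\MyDefrag\)
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "C:\WINDOWS\system32\hijack.exe" "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""


@dataclass
class Finding:
    severity: str   # "high": execution hijack; "info": worth a look, not a hijack
    section: str    # OTL section tag, e.g. "O20"
    reason: str
    line: str


def check_winlogon(section, body):
    """Shell must be Explorer.exe; UserInit must be exactly one userinit.exe."""
    m = WINLOGON_RE.search(body)
    if not m:
        return None
    key, value = m.group(1), m.group(2).strip()
    if key == "Shell":
        if value.lower() != DEFAULT_SHELL:
            return Finding("high", section, f"Winlogon Shell is {value!r}, expected Explorer.exe", body)
        return None
    # UserInit is comma-separated; a trailing comma is normal, a second entry is not.
    parts = [p.strip() for p in value.split(",") if p.strip()]
    if len(parts) != 1 or not DEFAULT_USERINIT_RE.fullmatch(parts[0].lower()):
        return Finding("high", section, f"Winlogon UserInit chain is {parts}", body)
    return None


def check_bootexecute(section, body):
    """Anything other than 'autocheck autochk *' runs before Winlogon; review it."""
    m = BOOTEXEC_RE.search(body)
    if not m:
        return None
    value = m.group(1).strip()
    if value.lower() == DEFAULT_BOOTEXECUTE:
        return None
    return Finding("high", section, f"non-default BootExecute entry {value!r}", body)


def check_assoc(section, body):
    """exefile/comfile open command must be the bare "%1" %* (no wrapper binary)."""
    m = ASSOC_RE.search(body)
    if not m:
        return None
    cls, verb, command = m.groups()
    if command.strip() == DEFAULT_OPEN_COMMAND:
        return None
    return Finding("high", section, f"{cls} [{verb}] runs {command!r} instead of {DEFAULT_OPEN_COMMAND!r}", body)


def check_dpf(section, body):
    """'Reg Error' means the ActiveX control's key is gone: an orphan, safe to drop."""
    if "Reg Error" in body:
        return Finding("info", section, "orphaned ActiveX DPF entry (registry key missing)", body)
    return None


def check_autorun(section, body):
    """AutoRun enabled for removable media is a known infection vector on XP."""
    if body.startswith("HKLM CDRom: AutoRun - 1"):
        return Finding("info", section, "CD-ROM AutoRun enabled", body)
    return None


CHECKS = {"O16": check_dpf, "O20": check_winlogon, "O32": check_autorun,
          "O34": check_bootexecute, "O35": check_assoc, "O37": check_assoc}


def audit(log_text):
    """Run the section-specific check on every OTL line; return findings in log order."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        check = CHECKS.get(section)
        if check is not None:
            finding = check(section, body)
            if finding is not None:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}")
```

Run against the constructed sample it reports three high findings (the two-entry UserInit chain, the extra BootExecute entry, the wrapped `comfile` command) and two informational ones (the orphaned DPF entry and AutoRun). Feeding it a real OTL log is a matter of passing the file contents to `audit()`; the unchanged lines of the posted log (Shell, the single-entry UserInit, the `"%1" %*` associations) all come back clean, which is exactly what a helper confirms by eye before moving on to the file lists.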
  21. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/03 22:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/03 22:10:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/07/03 22:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/07/03 22:08:59 | 007,833,664 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin1\Desktop\mbam-rules (1).exe
    [2012/07/03 21:56:25 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin1\Desktop\OTL.exe
    [2012/07/03 20:24:17 | 004,568,951 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin1\Desktop\ComboFix.exe
    [2012/07/03 00:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin1\Local Settings\Application Data\PCHealth
    [2012/07/03 00:49:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2012/07/03 00:41:06 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2012/07/03 00:41:06 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2012/07/03 00:41:05 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2012/07/03 00:39:24 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2012/06/27 14:42:54 | 000,000,000 | ---D | C] -- C:\found.000
    [2012/06/26 17:38:10 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/25 23:30:26 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin1\Desktop\TDSSKiller.exe
    [2012/06/25 22:58:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Admin1\Desktop\aswMBR.exe
    [2012/06/25 22:55:18 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Admin1\Desktop\boot_cleaner.exe
    [2012/06/25 16:15:38 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin1\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/06/24 23:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin1\Application Data\SunRay Games
    [2012/06/24 22:50:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Mystic Diary 3 - Missing Pages With Guide
    [2012/06/24 21:05:58 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\60941195.sys
    [2012/06/24 20:03:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/06/24 20:00:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/06/24 20:00:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/06/24 20:00:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/06/24 20:00:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/06/24 19:27:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/06/24 19:20:17 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/24 19:20:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/06/24 02:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/24 01:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2012/06/24 01:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2012/06/14 11:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin1\Application Data\TuneUp Software
    [2012/06/14 11:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2012/06/14 11:18:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/03 22:25:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1007UA.job
    [2012/07/03 22:19:27 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2012/07/03 22:14:40 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2012/07/03 22:10:48 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/03 22:09:54 | 000,013,690 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/07/03 22:09:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/07/03 22:08:48 | 007,833,664 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin1\Desktop\mbam-rules (1).exe
    [2012/07/03 21:57:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/07/03 21:57:11 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1006UA.job
    [2012/07/03 21:56:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin1\Desktop\OTL.exe
    [2012/07/03 20:43:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/07/03 20:20:24 | 004,568,951 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin1\Desktop\ComboFix.exe
    [2012/07/03 00:56:02 | 000,013,690 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
    [2012/07/03 00:51:28 | 003,535,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/07/03 00:45:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2012/07/03 00:37:48 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2012/07/03 00:37:47 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2012/07/03 00:37:47 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2012/07/03 00:37:25 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2012/07/03 00:31:30 | 000,000,282 | -HS- | M] () -- C:\boot.ini
    [2012/07/03 00:20:07 | 001,075,248 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/07/03 00:20:07 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/07/03 00:19:12 | 001,075,248 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/07/03 00:16:48 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2012/07/03 00:15:12 | 000,507,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/07/03 00:15:12 | 000,089,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/06/25 23:30:16 | 002,109,806 | ---- | M] () -- C:\Documents and Settings\Admin1\Desktop\tdsskiller.zip
    [2012/06/25 22:58:51 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Admin1\Desktop\aswMBR.exe
    [2012/06/25 22:54:59 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Admin1\Desktop\bootkit_remover.zip
    [2012/06/25 21:33:02 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2012/06/25 20:21:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/06/25 19:44:01 | 000,002,727 | ---- | M] () -- C:\WINDOWS\setupapi.old
    [2012/06/25 18:25:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1007Core.job
    [2012/06/25 16:21:57 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Admin1\Desktop\d4c1iup5.exe
    [2012/06/24 21:05:59 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\60941195.sys
    [2012/06/24 20:33:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
    [2012/06/24 19:02:14 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Admin1\.recently-used.xbel
    [2012/06/24 03:17:17 | 000,002,644 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/06/24 03:01:32 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin1\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/06/23 14:57:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1006Core.job
    [2012/06/20 21:11:20 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin1\Desktop\TDSSKiller.exe
    [2012/06/18 20:54:41 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Admin1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/12 00:02:37 | 000,002,303 | ---- | M] () -- C:\Documents and Settings\Admin1\Desktop\Google Chrome.lnk
    [2012/06/12 00:02:37 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Admin1\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/03 22:10:48 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/03 00:56:03 | 000,013,690 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
    [2012/07/03 00:40:56 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2012/07/03 00:40:23 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2012/07/03 00:40:11 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2012/07/03 00:40:10 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2012/07/03 00:40:08 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2012/07/03 00:39:57 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2012/07/03 00:39:50 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2012/07/03 00:39:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
    [2012/07/03 00:39:28 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2012/07/03 00:35:52 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
    [2012/07/03 00:35:30 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
    [2012/07/03 00:14:33 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
    [2012/07/03 00:14:33 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
    [2012/07/03 00:14:33 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
    [2012/07/03 00:14:33 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
    [2012/07/03 00:14:33 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
    [2012/07/03 00:14:32 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
    [2012/07/03 00:14:32 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2012/07/03 00:14:32 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2012/07/03 00:14:32 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2012/07/03 00:14:32 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
    [2012/07/03 00:14:32 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
    [2012/07/03 00:14:32 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2012/07/03 00:14:32 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
    [2012/07/03 00:14:32 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2012/07/03 00:14:32 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2012/07/03 00:14:32 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
    [2012/07/03 00:14:32 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
    [2012/07/03 00:14:31 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
    [2012/07/03 00:14:31 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
    [2012/06/25 23:30:11 | 002,109,806 | ---- | C] () -- C:\Documents and Settings\Admin1\Desktop\tdsskiller.zip
    [2012/06/25 22:55:06 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Admin1\Desktop\bootkit_remover.zip
    [2012/06/25 16:22:06 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Admin1\Desktop\d4c1iup5.exe
    [2012/06/25 03:28:29 | 000,002,727 | ---- | C] () -- C:\WINDOWS\setupapi.old
    [2012/06/24 20:03:32 | 000,000,209 | -HS- | C] () -- C:\Boot.bak
    [2012/06/24 20:03:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/06/24 20:00:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/06/24 20:00:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/06/24 20:00:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/06/24 20:00:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/06/24 20:00:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/06/24 19:02:14 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Admin1\.recently-used.xbel
    [2012/06/24 02:15:56 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/06/24 02:15:55 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2012/06/24 02:05:57 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/04/03 13:53:53 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2012/03/01 19:12:37 | 000,205,010 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
    [2012/03/01 19:12:37 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
    [2012/03/01 14:12:06 | 000,572,540 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-762019420-644879084-276493692-1006-0.dat
    [2012/03/01 14:12:06 | 000,316,482 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/02/28 17:21:32 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2012/02/16 14:56:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/09/16 15:09:32 | 001,075,248 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011/09/16 15:09:29 | 001,075,248 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011/09/16 15:09:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/07/02 04:46:49 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2011/06/15 18:58:43 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
    [2011/06/15 14:38:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2011/06/09 19:59:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
    [2011/04/20 04:03:07 | 000,048,668 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/12/18 18:56:56 | 000,725,064 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
    [2010/12/18 18:56:55 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
    [2010/12/18 18:56:55 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
    [2010/12/17 23:43:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ohagure.dat
    [2010/12/17 23:43:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bzewutero.bin
    [2010/10/14 00:56:48 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/09/25 10:24:59 | 000,000,071 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2010/09/25 10:24:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
    [2010/09/07 06:42:28 | 000,000,270 | ---- | C] () -- C:\WINDOWS\SupportEditor.INI
    [2010/09/06 14:20:49 | 000,003,519 | ---- | C] () -- C:\WINDOWS\3DLightyear.INI
    [2010/08/03 18:56:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/07/31 10:47:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2008/10/30 21:34:14 | 000,000,371 | ---- | C] () -- C:\Documents and Settings\All Users\photos.lnk
    [2008/08/08 12:07:47 | 000,038,454 | ---- | C] () -- C:\Documents and Settings\Admin1\Application Data\Microsoft Excel.ADR
    [2007/11/12 15:28:41 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2007/09/27 14:04:59 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Admin1\Application Data\$_hpcst$.hpc
    [2007/05/29 20:06:03 | 000,001,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/12/15 17:42:31 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Admin1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/02/12 20:40:46 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Admin1\Local Settings\Application Data\fusioncache.dat

    ========== LOP Check ==========

    [2012/02/22 00:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\.minecraft
    [2012/06/25 02:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\.purple
    [2006/03/05 16:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\acccore
    [2011/09/09 00:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Aim
    [2012/04/03 13:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Atari
    [2010/12/18 12:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Auslogics
    [2012/03/27 19:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Autodesk
    [2007/02/17 17:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Azureus
    [2007/02/04 18:57:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Admin1\Application Data\Broderbund
    [2011/12/25 06:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Broken Rules
    [2012/02/22 14:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2007/06/18 13:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Command & Conquer 3 Tiberium Wars
    [2011/12/29 22:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Crayon Physics Deluxe
    [2008/08/08 10:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\DSI
    [2012/02/09 22:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\EnMasse
    [2010/04/12 23:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\FOG Downloader
    [2012/06/24 16:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\gtk-2.0
    [2011/07/02 03:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Hi-Rez Studios
    [2007/02/06 17:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\iolo
    [2006/03/05 16:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Leadertech
    [2010/11/27 23:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\LolClient
    [2011/12/19 01:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Nicalis
    [2009/11/07 16:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Octoshape
    [2012/02/29 17:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\OpenOffice.org
    [2011/06/15 14:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Peter Brinson and Kurosh ValaNejad
    [2010/10/22 20:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\RayV
    [2011/05/26 02:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Relentless Software
    [2010/12/18 14:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Salty Brine
    [2011/12/16 22:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Sony Online Entertainment
    [2012/04/11 00:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Stardock
    [2011/10/25 00:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\SystemRequirementsLab
    [2011/11/27 02:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Trillian
    [2010/12/02 19:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Trion Worlds
    [2012/06/14 11:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\TuneUp Software
    [2009/09/29 16:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Turbine
    [2012/07/03 21:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\uTorrent
    [2012/07/03 21:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Viewpoint
    [2010/11/17 15:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\VirtualStore
    [2009/04/28 15:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin1\Application Data\Wizards of the Coast
    [2010/05/26 17:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2012/03/27 19:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2012/05/15 13:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
    [2011/05/18 20:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
    [2007/02/04 19:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
    [2011/04/05 16:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
    [2012/04/06 15:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2012/04/11 00:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gibraltar
    [2007/08/07 13:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2010/12/18 02:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jHlMc06511
    [2008/08/08 13:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
    [2009/05/27 08:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2009/05/19 22:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2010/09/15 01:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
    [2010/09/15 22:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2009/08/08 20:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2010/09/25 10:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2012/02/22 15:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2010/12/19 13:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2009/05/27 08:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2012/04/11 00:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
    [2012/02/09 00:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERA
    [2012/07/03 01:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2012/07/03 21:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/08/04 16:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2011/07/01 23:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xOcean
    [2012/06/14 11:18:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    [2010/04/09 16:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/04/11 00:38:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EB424B13-2E57-4A45-936F-A4DFB6DB1688}
    [2006/02/20 17:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GJNA&T\Application Data\acccore
    [2006/03/22 16:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GJNA&T\Application Data\Aim
    [2012/04/01 11:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GJNA&T\Application Data\Atari
    [2007/02/04 19:37:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\GJNA&T\Application Data\Broderbund
    [2007/02/06 03:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GJNA&T\Application Data\iolo
    [2008/02/11 19:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GJNA&T\Application Data\Leadertech
    [2009/09/05 22:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GJNA&T\Application Data\MusicNet
    [2011/10/15 13:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GJNA&T\Application Data\Sony Online Entertainment
    [2012/06/15 12:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GJNA&T\Application Data\TuneUp Software
    [2007/04/16 23:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GJNA&T\Application Data\Viewpoint
    [2007/02/05 19:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
    [2012/07/03 22:19:27 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

    ========== Purity Check ==========


    < End of report >
     
  22. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    OTL Extras logfile created on: 7/3/2012 10:27:24 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Admin1\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 81.03% Memory free
    4.84 Gb Paging File | 4.37 Gb Available in Paging File | 90.22% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.79 Gb Total Space | 28.79 Gb Free Space | 41.25% Space Free | Partition Type: NTFS
    Drive F: | 465.76 Gb Total Space | 341.51 Gb Free Space | 73.32% Space Free | Partition Type: NTFS
    Drive G: | 3.80 Gb Total Space | 3.79 Gb Free Space | 99.84% Space Free | Partition Type: FAT32

    Computer Name: DH7VCF91 | User Name: Admin1 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-762019420-644879084-276493692-1006\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- F:\Photoshop\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "57421:TCP" = 57421:TCP:*:Enabled:pando Media Booster
    "57421:UDP" = 57421:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
    "56524:TCP" = 56524:TCP:*:Enabled:pando Media Booster
    "56524:UDP" = 56524:UDP:*:Enabled:pando Media Booster
    "57421:TCP" = 57421:TCP:*:Enabled:pando Media Booster
    "57421:UDP" = 57421:UDP:*:Enabled:pando Media Booster
    "8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
    "8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
    "8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
    "8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
    "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
    "8382:TCP" = 8382:TCP:*:Enabled:League of Legends Launcher
    "8382:UDP" = 8382:UDP:*:Enabled:League of Legends Launcher
    "6953:TCP" = 6953:TCP:*:Enabled:League of Legends Launcher
    "6953:UDP" = 6953:UDP:*:Enabled:League of Legends Launcher

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
    "F:\Steam\Steam.exe" = F:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
    "C:\Program Files\GRETECH\GomTVStreamer\GomTVStreamerLive.exe" = C:\Program Files\GRETECH\GomTVStreamer\GomTVStreamerLive.exe:*:Enabled:GomTVStreamerLive -- ()
    "F:\Steam\steamapps\common\magic the gathering - duels of the planeswalkers\DotP.exe" = F:\Steam\steamapps\common\magic the gathering - duels of the planeswalkers\DotP.exe:*:Enabled:Magic: The Gathering - Duels of the Planeswalkers -- ()
    "F:\Steam\steamapps\common\real myst\RealMYST.exe" = F:\Steam\steamapps\common\real myst\RealMYST.exe:*:Enabled:realMyst -- ()
    "F:\Steam\steamapps\common\real myst\realMYSTSetup.exe" = F:\Steam\steamapps\common\real myst\realMYSTSetup.exe:*:Enabled:realMyst -- ()
    "F:\Steam\steamapps\common\myst masterpiece\Myst.exe" = F:\Steam\steamapps\common\myst masterpiece\Myst.exe:*:Enabled:Myst: Masterpiece Edition -- ()
    "F:\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe" = F:\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe:*:Enabled:Spiral Knights -- (Sun Microsystems, Inc.)
    "F:\Steam\steamapps\common\puzzle pirates\java_vm\bin\javaw.exe" = F:\Steam\steamapps\common\puzzle pirates\java_vm\bin\javaw.exe:*:Enabled:puzzle Pirates -- (Sun Microsystems, Inc.)
    "F:\Pidgin\pidgin.exe" = F:\Pidgin\pidgin.exe:*:Enabled:pidgin -- (The Pidgin developer community)
    "F:\utorrent\uTorrent.exe" = F:\utorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "F:\Steam\steamapps\common\bit.trip runner\runner.exe" = F:\Steam\steamapps\common\bit.trip runner\runner.exe:*:Enabled:BIT.TRIP RUNNER -- ()
    "F:\Steam\steamapps\common\super meat boy\SuperMeatBoy.exe" = F:\Steam\steamapps\common\super meat boy\SuperMeatBoy.exe:*:Enabled:Super Meat Boy Editor -- ()
    "F:\Steam\steamapps\common\gratuitous space battles\GSB.exe" = F:\Steam\steamapps\common\gratuitous space battles\GSB.exe:*:Enabled:Gratuitous Space Battles -- ()
    "F:\Steam\steamapps\common\nightsky\NightSky.exe" = F:\Steam\steamapps\common\nightsky\NightSky.exe:*:Enabled:NightSky -- ( )
    "F:\Steam\steamapps\common\cogs\cogs.exe" = F:\Steam\steamapps\common\cogs\cogs.exe:*:Enabled:Cogs -- ()
    "F:\Steam\steamapps\common\hammerfight\Hammerfight.exe" = F:\Steam\steamapps\common\hammerfight\Hammerfight.exe:*:Enabled:Hammerfight -- ()
    "F:\Steam\steamapps\common\crayon physics deluxe\launcher.exe" = F:\Steam\steamapps\common\crayon physics deluxe\launcher.exe:*:Enabled:Crayon Physics Deluxe -- ()
    "F:\Steam\steamapps\common\bastion\Bastion.exe" = F:\Steam\steamapps\common\bastion\Bastion.exe:*:Enabled:Bastion -- (Supergiant Games)
    "F:\Steam\steamapps\common\trauma\trauma.exe" = F:\Steam\steamapps\common\trauma\trauma.exe:*:Enabled:TRAUMA -- (Adobe Systems, Inc.)
    "F:\Steam\steamapps\common\dead island\DeadIslandGame.exe" = F:\Steam\steamapps\common\dead island\DeadIslandGame.exe:*:Enabled:Dead Island -- (Techland)
    "F:\TERA\TERA-Launcher.exe" = F:\TERA\TERA-Launcher.exe:*:Enabled:TERA -- (En Masse Entertainment)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
    "F:\Steam\steamapps\common\skyrim\SkyrimLauncher.exe" = F:\Steam\steamapps\common\skyrim\SkyrimLauncher.exe:*:Enabled:The Elder Scrolls V: Skyrim -- (Bethesda Softworks)
    "F:\Steam\steamapps\common\dungeon siege iii\Dungeon Siege III.exe" = F:\Steam\steamapps\common\dungeon siege iii\Dungeon Siege III.exe:*:Enabled:Dungeon Siege III -- (Obsidian Entertainment, Inc.)
    "C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager -- (Electronic Arts)
    "F:\Guild Wars 2\Gw2.exe" = F:\Guild Wars 2\Gw2.exe:*:Enabled:Guild Wars 2 Game Client -- (ArenaNet)
    "F:\Steam\steamapps\common\legend of grimrock\grimrock.exe" = F:\Steam\steamapps\common\legend of grimrock\grimrock.exe:*:Enabled:Legend of Grimrock -- ()
    "F:\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DungeonDefenders.exe" = F:\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DungeonDefenders.exe:*:Enabled:Dungeon Defenders -- (Trendy Entertainment LLC)
    "F:\Diablo III\Diablo III\Diablo III.exe" = F:\Diablo III\Diablo III\Diablo III.exe:*:Enabled:Diablo III -- (Blizzard Entertainment)
    "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
    "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.998\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.998\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)
    "F:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = F:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
    "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1040\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1040\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)
    "F:\Steam\steamapps\common\magicka\Magicka.exe" = F:\Steam\steamapps\common\magicka\Magicka.exe:*:Enabled:Magicka -- (Arrowhead Game Studios AB)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
    "{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{403EF592-953B-4794-BCEF-ECAB835C2095}" =
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
    "{5783F2D7-A001-0409-0002-0060B0CE6BBA}" = AutoCAD 2012 - English
    "{5783F2D7-A001-0409-1002-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{700932B3-A964-4878-82A2-96054622A1F7}" =
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel(R) Quick Resume Technology Drivers
    "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}" = Intel® Viiv™
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
    "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
    "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
    "{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B1D46FFA-BCA1-4810-A8C1-D091E65D544B}" = League of Legends
    "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
    "{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB99E420-8071-48F9-9567-4A53BE7569C4}" =
    "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}" = VLC
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
    "{DEAD48E5-E36C-431E-B83C-E61CE71AA13F}" = Livestream Procaster
    "{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E4257ACA-7D3B-4FBA-8A37-E1F4699E91C7}" = WOT Services
    "{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
    "{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
    "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse®
    "{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
    "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
    "3D Lightyear 1.4" = 3D Lightyear 1.4
    "Adobe AIR" = Adobe AIR
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AudioPlugin.dll" =
    "AutoCAD 2012 - English" = AutoCAD 2012 - English
    "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
    "Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "CADI" =
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "CopyNow.dll" =
    "Creative Audio Device Selection" =
    "DataPlugin.dll" =
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
    "Diablo II" = Diablo II
    "Diablo III" = Diablo III
    "DivX Setup.divx.com" = DivX Setup
    "dlatray.exe" =
    "EADM" = EA Download Manager
    "GOM Player" = GOM Player
    "GomTVStreamer" = GOMTV Streamer
    "Guild Wars 2" = Guild Wars 2
    "Impulse®" = Impulse®
    "Intel® Quick Resume Technology" = Intel(R) Quick Resume Technology Drivers
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "OpenAL" = OpenAL
    "Pidgin" = Pidgin
    "Plants vs. Zombies" = Plants vs. Zombies
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "Sony MHS Camera Driver" = Sony MHS Camera Driver
    "Steam App 107100" = Bastion
    "Steam App 18700" = And Yet It Moves
    "Steam App 200900" = Cave Story+
    "Steam App 207170" = Legend of Grimrock
    "Steam App 240" = Counter-Strike: Source
    "Steam App 26500" = Cogs
    "Steam App 26900" = Crayon Physics Deluxe
    "Steam App 39160" = Dungeon Siege III
    "Steam App 40800" = Super Meat Boy
    "Steam App 40810" = Super Meat Boy Editor
    "Steam App 41100" = Hammerfight
    "Steam App 41800" = Gratuitous Space Battles
    "Steam App 42910" = Magicka
    "Steam App 49400" = Magic: The Gathering - Duels of the Planeswalkers
    "Steam App 550" = Left 4 Dead 2
    "Steam App 63600" = Real Myst
    "Steam App 63660" = Myst Masterpiece
    "Steam App 63710" = BIT.TRIP RUNNER
    "Steam App 65800" = Dungeon Defenders
    "Steam App 70300" = VVVVVV
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "Steam App 91310" = Dead Island
    "Steam App 94200" = Jamestown
    "Steam App 98100" = TRAUMA
    "Steam App 99700" = NightSky
    "Steam App 99900" = Spiral Knights
    "Steam App 99910" = Puzzle Pirates
    "SystemRequirementsLab" = System Requirements Lab
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.1
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-762019420-644879084-276493692-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/25/2012 11:02:26 PM | Computer Name = DH7VCF91 | Source = Application Error | ID = 1000
    Description = Faulting application aswmbr.exe, version 0.9.9.1665, faulting module
    ntdll.dll, version 5.1.2600.6055, fault address 0x00010913.

    Error - 6/25/2012 11:04:30 PM | Computer Name = DH7VCF91 | Source = Application Error | ID = 1000
    Description = Faulting application aswmbr.exe, version 0.9.9.1665, faulting module
    ntdll.dll, version 5.1.2600.6055, fault address 0x00010717.

    Error - 6/25/2012 11:13:36 PM | Computer Name = DH7VCF91 | Source = Application Error | ID = 1000
    Description = Faulting application aswmbr.exe, version 0.9.9.1665, faulting module
    ntdll.dll, version 5.1.2600.6055, fault address 0x00010717.

    Error - 7/3/2012 12:37:18 AM | Computer Name = DH7VCF91 | Source = VSS | ID = 4101
    Description = Volume Shadow Copy Service error: Cannot obtain the collection 'Applications'
    from the COM+ catalog [0x80040154].

    Error - 7/3/2012 12:49:00 AM | Computer Name = DH7VCF91 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80070002, P2 moac, P3 cachereset, P4 4.0.1526.0,
    P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

    Error - 7/3/2012 12:58:03 AM | Computer Name = DH7VCF91 | Source = Microsoft Security Client | ID = 5000
    Description =

    Error - 7/3/2012 10:12:34 PM | Computer Name = DH7VCF91 | Source = Microsoft Security Client Setup | ID = 100
    Description = HRESULT:0x8004FF56 Description:. 0x8004FF56.

    Error - 7/3/2012 10:12:37 PM | Computer Name = DH7VCF91 | Source = Microsoft Security Client | ID = 5000
    Description =

    Error - 7/3/2012 10:14:40 PM | Computer Name = DH7VCF91 | Source = Microsoft Security Client Setup | ID = 100
    Description = HRESULT:0x8004FF56 Description:. 0x8004FF56.

    Error - 7/3/2012 10:14:41 PM | Computer Name = DH7VCF91 | Source = Microsoft Security Client | ID = 5000
    Description =

    [ IntelDH Events ]
    Error - 6/24/2012 8:13:19 PM | Computer Name = DH7VCF91 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 6/24/2012 9:11:00 PM | Computer Name = DH7VCF91 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 6/24/2012 9:20:26 PM | Computer Name = DH7VCF91 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 6/25/2012 4:03:53 AM | Computer Name = DH7VCF91 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 6/25/2012 4:33:15 AM | Computer Name = DH7VCF91 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 6/25/2012 4:40:41 AM | Computer Name = DH7VCF91 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 6/25/2012 5:10:40 AM | Computer Name = DH7VCF91 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 6/25/2012 5:24:36 AM | Computer Name = DH7VCF91 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 6/25/2012 3:47:41 PM | Computer Name = DH7VCF91 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 6/25/2012 4:14:18 PM | Computer Name = DH7VCF91 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    [ Media Center Events ]
    Error - 4/9/2012 11:13:52 AM | Computer Name = DH7VCF91 | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 4/9/2012 11:13:50 AM. You may need to reschedule your recordings.

    Error - 4/9/2012 1:44:34 PM | Computer Name = DH7VCF91 | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 4/9/2012 1:44:34 PM. You may need to reschedule your recordings.

    Error - 4/10/2012 1:02:38 PM | Computer Name = DH7VCF91 | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 4/10/2012 1:02:38 PM. You may need to reschedule your recordings.

    Error - 4/12/2012 2:44:21 PM | Computer Name = DH7VCF91 | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 4/12/2012 2:44:21 PM. You may need to reschedule your recordings.

    Error - 4/13/2012 2:45:47 PM | Computer Name = DH7VCF91 | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 4/13/2012 2:45:47 PM. You may need to reschedule your recordings.

    Error - 4/14/2012 10:23:00 AM | Computer Name = DH7VCF91 | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 4/14/2012 10:23:00 AM. You may need to reschedule your recordings.

    Error - 4/15/2012 1:24:48 PM | Computer Name = DH7VCF91 | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 4/15/2012 1:24:48 PM. You may need to reschedule your recordings.

    Error - 4/16/2012 8:06:26 AM | Computer Name = DH7VCF91 | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 4/16/2012 8:06:26 AM. You may need to reschedule your recordings.

    Error - 4/17/2012 8:52:14 AM | Computer Name = DH7VCF91 | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 4/17/2012 8:52:14 AM. You may need to reschedule your recordings.

    Error - 4/19/2012 1:24:58 PM | Computer Name = DH7VCF91 | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 4/19/2012 1:24:58 PM. You may need to reschedule your recordings.

    [ System Events ]
    Error - 7/3/2012 10:04:57 PM | Computer Name = DH7VCF91 | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.
    Feature:
    %%835 Error Code: 0x8007007f Error description: The specified procedure could not
    be found. Reason: %%837

    Error - 7/3/2012 10:09:39 PM | Computer Name = DH7VCF91 | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.
    Feature:
    %%834 Error Code: 0x8007007f Error description: The specified procedure could not
    be found. Reason: %%842

    Error - 7/3/2012 10:09:39 PM | Computer Name = DH7VCF91 | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.
    Feature:
    %%835 Error Code: 0x8007007f Error description: The specified procedure could not
    be found. Reason: %%842

    Error - 7/3/2012 10:09:39 PM | Computer Name = DH7VCF91 | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.
    Feature:
    %%834 Error Code: 0x8007007f Error description: The specified procedure could not
    be found. Reason: %%837

    Error - 7/3/2012 10:09:39 PM | Computer Name = DH7VCF91 | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.
    Feature:
    %%835 Error Code: 0x8007007f Error description: The specified procedure could not
    be found. Reason: %%837

    Error - 7/3/2012 10:09:48 PM | Computer Name = DH7VCF91 | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.
    Feature:
    %%834 Error Code: 0x80070006 Error description: The handle is invalid. Reason: %%837

    Error - 7/3/2012 10:09:48 PM | Computer Name = DH7VCF91 | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.
    Feature:
    %%835 Error Code: 0x80070006 Error description: The handle is invalid. Reason: %%837

    Error - 7/3/2012 10:11:32 PM | Computer Name = DH7VCF91 | Source = DCOM | ID = 10010
    Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
    with DCOM within the required timeout.

    Error - 7/3/2012 10:19:45 PM | Computer Name = DH7VCF91 | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.
    Feature:
    %%834 Error Code: 0x80070006 Error description: The handle is invalid. Reason: %%837

    Error - 7/3/2012 10:19:45 PM | Computer Name = DH7VCF91 | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.
    Feature:
    %%835 Error Code: 0x80070006 Error description: The handle is invalid. Reason: %%837


    < End of report >
     
  23. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    I still need MBAM log.
     
  24. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.07.02.02
    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 6.0.2900.2180
    Admin1 :: DH7VCF91 [administrator]
    Protection: Disabled
    7/3/2012 10:11:40 PM
    mbam-log-2012-07-03 (22-11-40).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 275994
    Time elapsed: 10 minute(s), 24 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    forgot to put it on the flash drive with the otl logs >< my bad
     
  25. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
      O3 - HKU\S-1-5-21-762019420-644879084-276493692-1006\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
      O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O34 - HKLM BootExecute: (˜¶‰)
      O34 - HKLM BootExecute: (smrgdf C:\Documents and Settings\Admin1\Application Data\iolo\)
      O34 - HKLM BootExecute: (iolobtdfg C:\WINDOWS\system32)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.
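The OTL fix script above is a list of registry locations that OTL will remove when the fix runs. The Python below is an added example for this thread, not OTL's own code and not something Broni posted: it parses a script in that format into a readable summary (line type, hive or user SID, domain, CLSID, URL, BootExecute value, and the commands that follow) so a reader can review what a fix touches before running it. The field layouts are inferred from the lines quoted in the post, only the O3, O15, O16 and O34 types seen there are handled, the sample script is a subset of those lines, and the one-line meaning of each type is this example's own wording.

```python
"""Parse an OTL fix script into a triage summary.

Added example for this thread; not part of OTL or of the post above.
Format assumed from the quoted script: a ":OTL" section of "Oxx - ..."
lines followed by a ":Commands" section of "[directive]" lines.
"""
import re
from collections import Counter

# Constructed sample: a subset of the lines from the fix script in the post.
SAMPLE_SCRIPT = r"""
:OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O34 - HKLM BootExecute: (iolobtdfg C:\WINDOWS\system32)

:Commands
[purity]
[emptytemp]
[Reboot]
"""

# What each handled line type refers to (this example's own wording, not OTL documentation).
LINE_TYPES = {
    "O3": "browser toolbar registration (CLSID with no matching class here)",
    "O15": "Internet Explorer security-zone entry (domain placed in Trusted sites)",
    "O16": "Downloaded Program Files / ActiveX download entry",
    "O34": "BootExecute value (native program run by smss.exe at boot, before logon)",
}

# Registry hive prefix as OTL prints it: HKLM, HKCU, or HKU\<SID or .DEFAULT>.
HIVE = r"(?P<hive>HKLM|HKCU|HKU\\[^\\]+)"
PATTERNS = {
    "O3": re.compile(HIVE + r"\\.*?:\s*\((?P<name>[^)]*)\)\s*-\s*(?P<clsid>\{[0-9A-Fa-f-]+\})"),
    "O15": re.compile(HIVE + r"\\.*?Trusted Domains:\s*(?P<domain>\S+)\s*\((?P<detail>[^)]*)\)"),
    "O16": re.compile(r"DPF:\s*(?P<clsid>\{[0-9A-Fa-f-]+\})\s+(?P<url>\S+)"),
    "O34": re.compile(HIVE + r"\s+BootExecute:\s*\((?P<value>.*)\)\s*$"),
}


def parse_fix_script(text):
    """Return {"entries": [...], "commands": [...], "unparsed": [...]}.

    Lines of a type this example does not handle are kept in "unparsed"
    rather than silently dropped, so nothing in a script goes unreviewed.
    """
    section = None
    entries, commands, unparsed = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # ":OTL" / ":Commands" section header
            section = line[1:].lower()
            continue
        if section == "commands":
            commands.append(line.strip("[]").lower())
            continue
        m = re.match(r"(O\d+)\s+-\s+(.*)", line) if section == "otl" else None
        sub = PATTERNS[m.group(1)].match(m.group(2)) if m and m.group(1) in PATTERNS else None
        if not sub:
            unparsed.append(line)
            continue
        kind = m.group(1)
        entry = {"type": kind, "meaning": LINE_TYPES[kind], **sub.groupdict()}
        if kind == "O15":
            # detail looks like "[]* in Trusted sites": the zone name follows " in "
            entry["zone"] = entry["detail"].split(" in ", 1)[-1]
        entries.append(entry)
    return {"entries": entries, "commands": commands, "unparsed": unparsed}


def summarize(parsed):
    """Counts by type, hives touched, domains whose zone entry is removed, and whether a reboot follows."""
    by_type = Counter(e["type"] for e in parsed["entries"])
    hives = sorted({e["hive"] for e in parsed["entries"] if "hive" in e})
    trusted = sorted({e["domain"] for e in parsed["entries"] if e["type"] == "O15"})
    return {
        "by_type": dict(by_type),
        "hives": hives,
        "trusted_domains": trusted,
        "reboots": "reboot" in parsed["commands"],
    }


if __name__ == "__main__":
    result = parse_fix_script(SAMPLE_SCRIPT)
    for e in result["entries"]:
        fields = {k: v for k, v in e.items() if k not in ("type", "meaning")}
        print(e["type"], "-", e["meaning"], fields)
    print(summarize(result))
    if result["unparsed"]:
        print("Not handled by this example, review by hand:", result["unparsed"])
```

Run it as-is to see the sample summarized, or paste a full script into SAMPLE_SCRIPT; anything the four patterns do not recognise is listed under "unparsed" so it still gets a manual look.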
     

