TechSpot

Trojan found, help~!

By WonderGirls
Nov 17, 2010
  1. I'm here, again.

    Anyways, my computer went all crazy and suddenly shut down, and when I restarted it would shut down over and over again, until I got it to work.

    I did a full scan on Trend Micro, and it found a trojan.

    When I checked where the trojan was coming from, it said it was from TFC.exe, which is a step in the 8 preliminary steps. I tried to download a fresh new batch from the link in the post, but the download drags on to 1 hour when it's only 400+ KB.

    My Internet is really slow, so please help!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    I can download TFC now, but I can't run it.

    Here are the logs.

    GMER log came up as blank.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5142

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    17/11/2010 8:00:58 PM
    mbam-log-2010-11-17 (20-00-58).txt

    Scan type: Quick scan
    Objects scanned: 151142
    Time elapsed: 5 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    DDS (Ver_10-11-10.01) - NTFS_AMD64
    Run by Chris at 20:31:17.92 on 17/11/2010
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.6142.4020 [GMT -7:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\MHotKey.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ChiFuncExt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    C:\Windows\CNYHKey.exe
    C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ModLedKey.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Chris\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4820&r=1v3609094606p03d5vq25k47024328
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Chris\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [FlashGet 3] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Gateway Photo Frame] "C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A
    mRun: [LchDrvKey] LchDrvKey.exe
    mRun: [LedKey] CNYHKey.exe
    mRun: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
    mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all by FlashGet3 - C:\Users\Chris\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - C:\Users\Chris\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~3\GOEC62~1.DLL
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    mRun-x64: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n2pj7jf4.default\
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n2pj7jf4.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ============= SERVICES / DRIVERS ===============

    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2009-7-29 200720]
    R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-5-21 2011944]
    R2 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2010-10-6 42576]
    R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2009-7-29 339984]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-4-14 316544]
    R3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R3 TmPfw;Trend Micro Personal Firewall;C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2010-10-6 595960]
    R3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-10-6 917768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-9 135664]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-2-25 30192]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-7-7 17464]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]

    =============== Created Last 30 ================

    2010-11-17 23:49:56 -------- d-sh--w- C:\found.000
    2010-11-14 17:54:49 -------- d-----w- C:\Program Files\iPod
    2010-11-14 17:54:48 -------- d-----w- C:\Program Files\iTunes
    2010-11-11 21:36:09 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
    2010-11-09 20:58:11 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
    2010-11-09 20:58:11 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
    2010-11-06 03:14:01 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2010-11-06 03:12:25 -------- d-----w- C:\Program Files (x86)\MicroVolts
    2010-11-05 01:06:20 -------- d-----w- C:\Program Files (x86)\Secunia
    2010-10-27 01:42:03 258352 ----a-w- C:\Windows\SysWow64\unicows.dll
    2010-10-26 21:51:58 1927680 ----a-w- C:\Windows\System32\gameux.dll
    2010-10-26 21:51:58 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
    2010-10-26 21:51:57 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
    2010-10-26 21:51:57 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
    2010-10-26 21:51:57 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
    2010-10-26 21:51:57 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
    2010-10-22 02:43:44 -------- d-----w- C:\Program Files (x86)\Microsoft
    2010-10-22 02:43:30 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
    2010-10-22 02:34:48 -------- d-----w- C:\Windows\PCHEALTH
    2010-10-22 01:49:47 -------- d-----w- C:\Users\Chris\AppData\Local\Windows Live
    2010-10-22 01:49:15 754688 ----a-w- C:\Windows\SysWow64\webservices.dll
    2010-10-22 01:49:15 1103872 ----a-w- C:\Windows\System32\webservices.dll
    2010-10-21 21:20:20 -------- d-----w- C:\Fraps
    2010-10-21 20:54:33 -------- d-----w- C:\PWRD
    2010-10-21 20:44:26 -------- d-----w- C:\Downloads
    2010-10-21 20:43:50 -------- d-----w- C:\Users\Chris\AppData\Roaming\FlashGet
    2010-10-21 20:43:49 -------- d-----w- C:\Users\Chris\AppData\Roaming\BITS
    2010-10-21 20:43:47 -------- d-----w- C:\Users\Chris\AppData\Roaming\FlashGetBHO
    2010-10-21 20:43:44 -------- d-----w- C:\Program Files (x86)\FlashGet Network

    ==================== Find3M ====================

    2010-09-15 10:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-08 19:23:12 1032192 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 17:50:13 485376 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 17:23:42 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
    2010-09-08 17:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 17:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 17:07:35 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 16:43:11 86528 ----a-w- C:\Windows\System32\ieencode.dll
    2010-09-08 15:23:27 389632 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll
    2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll
    2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
    2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-31 17:27:07 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-31 15:46:37 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 15:46:37 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-31 15:44:31 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-08-31 14:57:39 2753024 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-26 17:46:52 189952 ----a-w- C:\Windows\System32\t2embed.dll
    2010-08-26 17:40:08 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2010-08-26 17:40:07 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-08-26 17:40:07 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2010-08-26 16:37:45 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-08-26 16:33:06 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33:04 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2010-08-26 16:33:04 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2010-08-20 16:57:50 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-20 16:05:07 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll

    ============= FINISH: 20:31:44.76 ===============
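    A first triage pass over a DDS log like the one above, written here as an added example; it is not part of this thread and is not code from TechSpot, Broni, or the DDS tool. It splits the log on its `====` section headers, then flags the things a malware helper looks at first: running processes and autostart entries that live in user-writable locations (AppData, Downloads, Desktop, ProgramData, Temp), BHO/TB entries marked "No File" (orphaned registrations), and Run entries that name a bare executable with no path. The sample lines embedded in it are copied from the log posted above; the section names and the regular expressions are assumptions about the DDS text format inferred from that log.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the DDS log in this thread,
# embedded so the script runs offline without the full file.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chris\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Chris\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [LchDrvKey] LchDrvKey.exe
BHO-X64: URLRedirectionBHO - No File

================= FIREFOX ===================
"""

# Section headers in DDS output look like "=== Name ===" (assumed from the log above).
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Drive-letter or %ENV%-rooted path; stops at a closing quote so trailing args are dropped.
PATH_RE = re.compile(r'(?:[A-Za-z]:\\|%[A-Za-z]+%\\)[^"]+')
# Locations an unprivileged user can write to, which is where dropped binaries usually sit.
USER_WRITABLE_RE = re.compile(
    r"(?:\\Users\\[^\\]+\\(?:AppData|Downloads|Desktop|Documents)|\\ProgramData|\\Temp)\\",
    re.IGNORECASE,
)
RUN_ENTRY_RE = re.compile(r"^[um]Run(?:-x64)?: \[.*?\] ")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the DDS section header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def extract_path(entry: str) -> Optional[str]:
    """Return the first file path in an autostart/BHO entry, or None if it names a bare file."""
    match = PATH_RE.search(entry)
    return match.group(0) if match else None


def triage(text: str) -> List[Dict[str, str]]:
    """Produce a review queue of entries worth a second look. These are leads, not verdicts."""
    findings: List[Dict[str, str]] = []
    sections = split_sections(text)

    for proc in sections.get("Running Processes", []):
        if USER_WRITABLE_RE.search(proc):
            findings.append({"kind": "process-in-user-path", "item": proc})

    for entry in sections.get("Pseudo HJT Report", []):
        if entry.endswith("- No File"):
            # Registered component whose file is gone: leftover from a removal or a broken install.
            findings.append({"kind": "orphaned-entry", "item": entry})
            continue
        path = extract_path(entry)
        if path is None and RUN_ENTRY_RE.match(entry):
            # Bare executable name resolved via the search path; where it actually lives is unknown.
            findings.append({"kind": "unqualified-autostart", "item": entry})
        elif path and USER_WRITABLE_RE.search(path):
            findings.append({"kind": "autostart-in-user-path", "item": entry})

    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(f"{finding['kind']:24} {finding['item']}")
```

    Run it on the sample and it lists chrome.exe and dds.scr (processes under the user profile), the FlashGet BHO loading from AppData\Roaming, the two "No File" BHO registrations, and the LchDrvKey Run entry that gives no path. That output is deliberately a queue for a human: Chrome installs per-user and dds.scr is the diagnostic tool itself, so the analyst still has to check each flagged path against what is known to be installed, which is exactly the judgement the helper in this thread applies when reading the log.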
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go on........
     
  6. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    What am I missing?
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  8. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    Sorry if I'm bothering you, but I still don't see what I'm missing; I've re-read that thread a billion times.

    I posted up my MBAM log; GMER didn't show up, only the DDS log came up, attach didn't.

    EDIT: FML, my computer is wacky sometimes, just re-scanned with DDS, and attach came up.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 27/09/2009 11:59:39 AM
    System Uptime: 17/11/2010 4:51:29 PM (4 hours ago)

    Motherboard: Gateway | | EG43M
    Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 582 GiB total, 405.416 GiB free.
    D: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&61B4906&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&61B4906&0
    Service: i8042prt

    ==== System Restore Points ===================

    RP316: 13/10/2010 4:11:23 PM - Windows Update
    RP317: 14/10/2010 1:05:05 PM - Windows Update
    RP318: 17/10/2010 12:53:31 AM - Scheduled Checkpoint
    RP319: 17/10/2010 7:43:07 PM - Scheduled Checkpoint
    RP320: 18/10/2010 5:21:58 PM - Scheduled Checkpoint
    RP321: 20/10/2010 5:40:47 PM - Scheduled Checkpoint
    RP322: 21/10/2010 7:48:42 PM - Windows Update
    RP323: 21/10/2010 8:17:49 PM - Windows Live Essentials
    RP324: 21/10/2010 8:22:52 PM - Windows Live Essentials
    RP325: 21/10/2010 8:30:41 PM - Windows Live Essentials
    RP326: 21/10/2010 8:32:32 PM - Installed DirectX
    RP327: 21/10/2010 8:33:22 PM - Installed DirectX
    RP328: 21/10/2010 8:37:23 PM - Windows Live Essentials
    RP329: 26/10/2010 4:42:29 PM - Installed Java(TM) 6 Update 22
    RP330: 27/10/2010 3:48:29 PM - Windows Update
    RP331: 05/11/2010 9:13:20 PM - Installed NVIDIA PhysX
    RP332: 06/11/2010 7:26:44 PM - Scheduled Checkpoint
    RP333: 07/11/2010 9:20:20 PM - Scheduled Checkpoint
    RP334: 08/11/2010 5:22:07 PM - Scheduled Checkpoint
    RP335: 10/11/2010 3:41:32 PM - Windows Update
    RP336: 11/11/2010 7:34:56 PM - Scheduled Checkpoint
    RP337: 14/11/2010 10:51:25 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
    RP338: 14/11/2010 10:51:56 AM - Device Driver Package Install: Apple Network adapters
    RP339: 15/11/2010 4:48:31 PM - Scheduled Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 9.4.0
    Alien Swarm
    Apple Application Support
    Apple Software Update
    AsdaStory
    AsdaStoy
    Audacity 1.2.6
    BitTorrent
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    ccc-core-static
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Norwegian
    CCC Help Spanish
    CCC Help Swedish
    CCleaner
    Compatibility Pack for the 2007 Office system
    CyberLink Power2Go
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    FlashGet 3.5
    Fraps
    Game Booster
    Gateway Games
    Gateway Photo Frame 4.2.3.6
    Gateway Recovery Management
    Gateway ScreenSaver
    GOM Player
    Google Chrome
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java Auto Updater
    Java(TM) 6 Update 22
    KB0817 Keyboard Driver
    League of Legends
    Left 4 Dead 2
    Malwarebytes' Anti-Malware
    Messenger Plus! Live
    Microsoft Choice Guard
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2010
    Microsoft Office Word Viewer 2003
    Microsoft Publisher 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MicroVolts
    Mozilla Firefox (3.6.12)
    Mozilla Firefox 4.0b7 (x86 en-US)
    MSVCRT
    NVIDIA PhysX
    osu!
    QPang
    QuickTime
    Rainmeter (remove only)
    Realtek High Definition Audio Driver
    S4 League_EU
    Secunia PSI
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Word 2010 (KB2345000)
    Skins
    Skype Toolbars
    Skype™ 4.2
    SoulMaster
    Steam
    TeamSpeak 3 Client
    TeamViewer 5
    The Typing of The Dead
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft OneNote 2010 (KB2288640)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Vegas Movie Studio Platinum 9.0
    Ventrilo Client
    ViiKii Desktop Plug-in
    Visual C++ 8.0 Runtime Setup Package (x64)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    17/11/2010 4:52:21 PM, Error: EventLog [6008] - The previous system shutdown at 4:33:21 PM on 17/11/2010 was unexpected.
    17/11/2010 4:20:10 PM, Error: EventLog [6008] - The previous system shutdown at 4:18:33 PM on 17/11/2010 was unexpected.
    16/11/2010 3:50:44 PM, Error: Service Control Manager [7000] - The NPPTNT2 service failed to start due to the following error: The system cannot find the file specified.
    16/11/2010 3:50:42 PM, Error: Application Popup [1060] - \??\C:\GamesCampus\SoulMaster\GameGuard\dump_wmimmc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    14/11/2010 10:52:32 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    14/11/2010 10:51:14 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You didn't tell me.

    Define "wacky".

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
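
    The custom-scan list above is, in effect, a checklist of places malware hides: executable code in the Fonts directory, look-alike system directories such as system32\system32 or winn32, odd extensions, executables with spaces in their names directly under system32, and Run keys or services that point at files which no longer exist. The script below is an added example for this thread, not part of OTL or of the forum's instructions; it applies those same heuristics to a few constructed lines written in OTL's own output format. The sample entries, the directory and extension tables, and the helper names are assumptions made for illustration.

```python
"""Triage helper for OTL-style scan output (added example, not part of OTL).

Parses the PRC/SRV/DRV entries and O4 Run keys that OTL prints and applies
the location heuristics the custom-scan list encodes: code in Fonts,
look-alike system directories, odd extensions, spaces in executable names
under system32, orphaned entries, and running code with no company name.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample lines in OTL's format (made up for this example, not from the posted log).
SAMPLE_LINES = [
    r"PRC - [2010/11/17 20:53:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Documents\OTL.exe",
    r"SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)",
    r"O4 - HKCU..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe File not found",
    r"PRC - [2010/11/01 12:00:00 | 000,040,960 | ---- | M] () -- C:\Windows\system32\system32\svchost.exe",
    r"O4 - HKLM..\Run: [FontHelper] C:\Windows\Fonts\update.exe ()",
    r"O4 - HKLM..\Run: [svc host] C:\Windows\system32\svc host.exe ()",
    r"SRV - [2010/10/19 05:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)",
]

EXEC_EXT = {".exe", ".dll", ".com", ".scr", ".sys", ".des"}
# Lower-cased directory fragments the scan list sweeps: legitimate installers rarely
# write there, and a look-alike of a real system directory is a classic hiding spot.
ODD_DIRS = ["\\fonts\\", "\\system32\\system32\\", "\\winn32\\", "\\systhem32\\",
            "\\system32\\dll\\", "\\system32\\rundll\\", "\\system32\\rundll32\\",
            "\\apppatch\\custom\\", "\\system32\\test\\", "\\appdata\\roaming\\update\\"]
ODD_EXTS = {".tro", ".te", ".quo", "._sy", ".bk"}
# Where the scan list's `dir /b *.exe | find " "` counts executables with spaces in the name.
SYSTEM_DIRS = ("\\windows\\", "\\windows\\system32\\", "\\windows\\syswow64\\", "\\windows\\sysnative\\")

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
BRACKET_COMPANY = re.compile(r"\]\s*\(([^()]*)\)")  # "... | M] (Company)"
RUNKEY = re.compile(r"\]\s+(?P<path>[A-Za-z]:\\.*?)\s*(?P<tail>File not found|\([^()]*\))?\s*$")

@dataclass
class Finding:
    path: str
    company: str
    reasons: list

def parse_line(line: str):
    """Return (path, company, file_missing), or None when the line carries no file path."""
    missing = "File not found" in line
    if " -- " in line:  # PRC/SRV/DRV/MOD: "... (Company) -- C:\path -- (ServiceName)"
        segs = [s.strip() for s in line.split(" -- ")]
        path = next((s for s in segs if DRIVE_PATH.match(s)), None)
        m = BRACKET_COMPANY.search(line)
        company = m.group(1).strip() if m else ""
    else:  # O4 Run keys: "[Name] C:\path (Company)" or "[Name] C:\path File not found"
        m = RUNKEY.search(line)
        if not m:
            return None
        path, tail = m.group("path"), m.group("tail") or ""
        company = tail[1:-1].strip() if tail.startswith("(") else ""
    return None if path is None else (path, company, missing)

def triage(path: str, company: str, missing: bool) -> list:
    """Return the reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons = []
    directory, _, name = path.lower().rpartition("\\")
    directory += "\\"
    ext = name[name.rfind("."):] if "." in name else ""
    if missing:
        reasons.append("orphaned entry: target file no longer exists")
    for frag in ODD_DIRS:
        # Data files in Fonts are normal; executable code there is not.
        if frag in directory and not (frag == "\\fonts\\" and ext not in EXEC_EXT):
            reasons.append(f"unusual directory {frag}")
            break
    if ext in ODD_EXTS:
        reasons.append(f"unusual extension {ext}")
    if ext == ".exe" and " " in name and directory.endswith(SYSTEM_DIRS):
        reasons.append("executable with a space in its name directly under a system directory")
    if not missing and ext in EXEC_EXT and not company:
        reasons.append("no company name in version info")
    return reasons

def triage_lines(lines) -> list:
    """Run every line through the parser and heuristics; return only the hits."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            reasons = triage(*parsed)
            if reasons:
                findings.append(Finding(parsed[0], parsed[1], reasons))
    return findings

if __name__ == "__main__":
    for f in triage_lines(SAMPLE_LINES):
        print(f.path, "->", "; ".join(f.reasons))
```

    Run against the constructed sample it flags five of the seven entries; OTL.exe and the TeamViewer service pass because they sit in ordinary locations and carry a company name. The "no company name" rule is deliberately low priority, since plenty of OEM utilities ship without version info, which is why the real verdict still belongs to the helper reading the full log, not to a script.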
     
  10. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    I'm sorry, I edited my other post; I should just use the reply function, eh?

    And, right now it's being all weird again, I'm trying to download OTL and it's not letting me! I click the link, it takes longer than usual to load, and when it asks me to download, it doesn't download; the time increases from 5 minutes, to 10, then to 1 hour.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  12. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Oreo?
    I just did.
     
  14. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    Lol yeah, I'm currently still scanning with OTL, it's taking a long time, lots of things to scan I guess?
     
  15. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    OTL logfile created on: 17/11/2010 10:00:01 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Chris\Documents
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 57.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.52 Gb Total Space | 416.27 Gb Free Space | 71.58% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Chris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/17 20:53:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Documents\OTL.exe
    PRC - [2010/11/11 00:40:16 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe
    PRC - [2010/11/01 14:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2010/10/19 05:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    PRC - [2010/10/16 00:57:30 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/08/09 23:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    PRC - [2010/07/21 04:43:54 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi.exe
    PRC - [2010/06/29 20:37:40 | 000,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    PRC - [2009/09/27 15:08:27 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/05/05 10:51:22 | 000,123,904 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    PRC - [2009/04/10 23:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
    PRC - [2008/12/24 11:29:30 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
    PRC - [2008/05/30 09:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
    PRC - [2008/04/23 16:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
    PRC - [2008/02/01 10:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
    PRC - [2007/01/08 13:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/17 20:53:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Documents\OTL.exe
    MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
    SRV:64bit: - [2010/09/06 03:00:40 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
    SRV:64bit: - [2009/07/29 07:06:07 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    SRV:64bit: - [2009/07/29 07:06:05 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
    SRV:64bit: - [2009/07/29 07:05:42 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
    SRV:64bit: - [2008/10/03 02:38:46 | 000,908,800 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
    SRV:64bit: - [2008/01/20 19:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
    SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/10/19 05:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/06/29 20:37:40 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/06 08:19:00 | 003,401,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
    SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/05/05 15:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
    DRV:64bit: - [2010/07/30 10:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys -- (tmxpflt)
    DRV:64bit: - [2010/07/30 10:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys -- (tmpreflt)
    DRV:64bit: - [2010/07/30 10:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vsapint.sys -- (vsapint)
    DRV:64bit: - [2010/07/07 07:05:32 | 000,017,464 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
    DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/07/29 07:06:59 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
    DRV:64bit: - [2009/07/29 07:06:59 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
    DRV:64bit: - [2009/07/29 07:06:58 | 000,200,720 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/12/03 21:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008/10/03 03:30:42 | 004,766,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2008/07/16 01:39:06 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
    DRV - [2005/01/04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4820&r=1v3609094606p03d5vq25k47024328
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4820&r=1v3609094606p03d5vq25k47024328
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/03 19:23:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/17 21:46:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2010/11/11 14:36:10 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins

    [2010/06/27 13:02:44 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
    [2010/11/01 19:55:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n2pj7jf4.default\extensions
    [2010/09/19 15:26:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n2pj7jf4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/21 13:44:38 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n2pj7jf4.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
    [2010/11/17 21:39:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/06/05 15:21:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/27 18:34:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/26 15:43:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/01/22 16:03:54 | 000,000,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
    O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe File not found
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_Plugin.exe File not found
    O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x64/RescueDownloader.cab (LogMeIn Rescue Applet Downloader)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
    Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/17 21:59:04 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Documents\OTL.exe
    [2010/11/17 16:49:56 | 000,000,000 | -HSD | C] -- C:\found.000
    [2010/11/15 18:58:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Blog layouts
    [2010/11/14 10:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/14 10:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/11 14:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
    [2010/11/05 20:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2010/11/05 20:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MicroVolts
    [2010/11/04 18:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
    [2010/10/21 19:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
    [2010/10/21 19:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
    [2010/10/21 19:34:48 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/10/21 18:49:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Windows Live
    [2010/10/21 14:20:20 | 000,000,000 | ---D | C] -- C:\Fraps
    [2010/10/21 13:54:33 | 000,000,000 | ---D | C] -- C:\PWRD
    [2010/10/21 13:44:26 | 000,000,000 | ---D | C] -- C:\Downloads
    [2010/10/21 13:43:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\FlashGet
    [2010/10/21 13:43:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\BITS
    [2010/10/21 13:43:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\FlashGetBHO
    [2010/10/21 13:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet Network

    ========== Files - Modified Within 30 Days ==========

    [2010/11/17 22:06:24 | 000,000,021 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
    [2010/11/17 22:06:19 | 000,000,021 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
    [2010/11/17 21:46:57 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/11/17 21:45:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2417309908-109424311-3726941342-1001UA.job
    [2010/11/17 21:21:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/17 20:53:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Documents\OTL.exe
    [2010/11/17 20:52:20 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/17 20:52:20 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/17 16:59:47 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/17 16:59:47 | 000,608,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/17 16:59:47 | 000,108,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/17 16:52:30 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/17 16:52:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/14 10:55:14 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/14 10:45:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2417309908-109424311-3726941342-1001Core.job
    [2010/11/11 17:05:00 | 000,075,264 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/11 14:36:13 | 000,002,008 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 7.lnk
    [2010/11/11 14:36:13 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 7.lnk
    [2010/11/10 21:37:07 | 000,002,437 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype (2).lnk
    [2010/11/04 18:55:25 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
    [2010/10/29 14:41:24 | 000,000,931 | ---- | M] () -- C:\Users\Chris\Desktop\QPang.lnk
    [2010/10/26 18:54:12 | 000,000,887 | ---- | M] () -- C:\Users\Chris\Desktop\Forsaken World.lnk
    [2010/10/26 18:54:12 | 000,000,053 | ---- | M] () -- C:\Users\Chris\Desktop\Forsaken World.url
    [2010/10/21 19:27:26 | 002,990,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/10/21 14:20:21 | 000,000,516 | ---- | M] () -- C:\Users\Chris\Desktop\Fraps.lnk
    [2010/10/21 13:49:20 | 000,000,204 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat
    [2010/10/21 13:44:20 | 000,000,025 | ---- | M] () -- C:\Windows\libem.INI
    [2010/10/20 15:57:15 | 000,000,970 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
    [2010/10/20 15:57:15 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk

    ========== Files Created - No Company Name ==========

    [2010/11/14 10:55:14 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/11 14:36:11 | 000,002,008 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 7.lnk
    [2010/11/11 14:36:11 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 7.lnk
    [2010/11/04 18:55:25 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
    [2010/10/29 14:41:24 | 000,000,931 | ---- | C] () -- C:\Users\Chris\Desktop\QPang.lnk
    [2010/10/26 18:54:12 | 000,000,887 | ---- | C] () -- C:\Users\Chris\Desktop\Forsaken World.lnk
    [2010/10/26 18:54:12 | 000,000,053 | ---- | C] () -- C:\Users\Chris\Desktop\Forsaken World.url
    [2010/10/21 14:20:21 | 000,000,516 | ---- | C] () -- C:\Users\Chris\Desktop\Fraps.lnk
    [2010/10/21 13:49:20 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
    [2010/10/21 13:44:20 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
    [2010/10/20 15:57:15 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
    [2010/09/30 13:26:28 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/09/23 15:36:02 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2010/09/18 15:32:06 | 000,439,048 | ---- | C] () -- C:\Users\Chris\AppData\Local\dd_vcredistMSI7889.txt
    [2010/09/18 15:32:06 | 000,011,478 | ---- | C] () -- C:\Users\Chris\AppData\Local\dd_vcredistUI7889.txt
    [2010/09/14 15:12:43 | 000,529,442 | ---- | C] () -- C:\Users\Chris\AppData\Local\dd_vcredistMSI3125.txt
    [2010/09/14 15:12:41 | 000,014,320 | ---- | C] () -- C:\Users\Chris\AppData\Local\dd_vcredistUI3125.txt
    [2010/09/14 15:06:32 | 000,530,852 | ---- | C] () -- C:\Users\Chris\AppData\Local\dd_vcredistMSI2C69.txt
    [2010/09/14 15:06:30 | 000,014,554 | ---- | C] () -- C:\Users\Chris\AppData\Local\dd_vcredistUI2C69.txt
    [2010/08/30 13:02:40 | 000,354,866 | ---- | C] () -- C:\Users\Chris\AppData\Local\dd_vcredistMSI39A3.txt
    [2010/08/30 13:02:40 | 000,011,238 | ---- | C] () -- C:\Users\Chris\AppData\Local\dd_vcredistUI39A3.txt
    [2010/03/27 14:52:43 | 000,000,732 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps64.dat
    [2010/02/26 09:55:36 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
    [2010/01/27 11:00:09 | 000,000,538 | ---- | C] () -- C:\Windows\mp3wavcon.ini
    [2010/01/27 10:59:34 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2010/01/10 15:37:40 | 000,436,028 | ---- | C] () -- C:\Users\Chris\AppData\Local\dd_vcredistMSI6168.txt
    [2010/01/10 15:37:39 | 000,023,094 | ---- | C] () -- C:\Users\Chris\AppData\Local\dd_vcredistUI6168.txt
    [2009/12/03 14:27:10 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/12/03 14:26:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/11/08 17:59:32 | 000,001,356 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
    [2009/10/29 17:26:33 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009/10/27 16:40:45 | 000,000,121 | ---- | C] () -- C:\Windows\wininit.ini
    [2009/10/16 14:43:33 | 000,075,264 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/04 18:14:53 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
    [2009/09/27 15:12:57 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
    [2009/09/27 15:12:57 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
    [2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

    ========== LOP Check ==========

    [2010/11/17 19:51:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BITS
    [2010/07/09 17:25:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BitTorrent
    [2009/12/25 14:31:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Downloaded Installations
    [2010/10/21 13:43:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FlashGet
    [2010/10/21 13:43:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FlashGetBHO
    [2010/01/17 11:12:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Free Mp3 Wma Ogg Converter
    [2010/10/26 18:36:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
    [2009/12/02 16:04:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IObit
    [2010/06/28 20:01:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LolClient
    [2010/11/17 17:28:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Rainmeter
    [2009/10/25 15:38:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TeamViewer
    [2009/10/04 18:15:03 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Template
    [2010/08/28 16:11:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TS3Client
    [2010/01/27 11:17:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WinFF
    [2010/11/14 20:02:18 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/04/14 03:20:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/07/27 18:37:38 | 000,014,922 | ---- | M] () -- C:\JavaRa.log
    [2005/09/22 21:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/11/17 16:52:17 | 2460,229,631 | -HS- | M] () -- C:\pagefile.sys
    [2009/04/14 01:07:58 | 000,001,932 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/12/04 19:40:19 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 20:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/12/04 20:14:53 | 000,000,286 | -HS- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/18 15:23:31 | 736,407,212 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Chris\Desktop\S4League.exe
    [2010/10/04 16:45:27 | 864,563,215 | ---- | M] () -- C:\Users\Chris\Desktop\USA_Client_100924.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2009/03/16 11:16:58 | 000,198,504 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Chris\Tcpview.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/09/27 15:44:15 | 000,000,402 | -HS- | M] () -- C:\Users\Chris\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  16. Broni

    Keep it going.
     
  17. WonderGirls

    OTL Extras logfile created on: 17/11/2010 10:00:01 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Chris\Documents
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 57.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.52 Gb Total Space | 416.27 Gb Free Space | 71.58% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Chris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AutoUpdateDisableNotify" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 96 05 03 CA 58 75 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found
    "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1528BD2E-4ADB-4A6B-ADDF-B6176A3D475E}" = lport=62607 | protocol=6 | dir=in | name=s4 league |
    "{33687CBB-D77A-47E3-88E6-7E55C2709FD4}" = lport=28002 | protocol=6 | dir=in | name=a |
    "{3D84BC7A-7431-46D7-8F8C-87FB090BE6B2}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
    "{433E44F4-1E5C-45A0-9D82-31B90FF9497B}" = lport=6112 | protocol=17 | dir=in | name=a |
    "{43DAFF54-48A6-4BC8-901C-387665911454}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{46D12291-9723-459C-B051-1ABE1C7C2860}" = lport=62609 | protocol=6 | dir=in | name=s4 league |
    "{53B43935-CB7C-46F2-84E7-5B0D4180A723}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
    "{914B93DB-0FC6-47D4-B718-E926B904942A}" = lport=28013 | protocol=6 | dir=in | name=a |
    "{AE6D6415-5289-4292-8CF8-8F21385D506A}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
    "{B2649286-4B55-4AA5-8094-6D161626BA27}" = lport=62608 | protocol=6 | dir=in | name=s4 league |
    "{B63DD110-B727-420C-86A3-3D3D09A5B815}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{CDE044DB-F195-45CB-8926-07925CA60117}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{DA4B010F-3460-4074-BB1D-479AD0216544}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
    "{E24F55AF-6CB7-4AF6-9246-EE12E7A1014C}" = lport=28008 | protocol=6 | dir=in | name=a |
    "{EFEF293C-4A5D-403E-A816-870A409DD5A3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{FA640447-0B1E-4E56-B91C-8B3E8531B2EE}" = lport=28012 | protocol=6 | dir=in | name=a |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01232EBE-FCDF-4613-90CE-EC71DACDB8D9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{05B8FBCA-6DD5-4F1B-B3BF-D3856D8EFB42}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{06778477-03DC-45D9-9DE5-D29BB91BE4FC}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
    "{2AFECDE1-B83F-4942-8827-3E111049F85D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
    "{2BFAA777-2AF5-430B-96CD-DB67C8E026C5}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{37E4D942-50B2-4BF9-86F7-A6CF41F359A2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
    "{3C239954-F132-4385-9294-538512597DDC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{436B8613-E1E3-46AB-AD88-DD0BA42A2FAF}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
    "{43EFED32-4DD2-4A3C-A6D4-1D894A86DC4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{4CDDA52A-2BDA-4892-884C-BAC944EC5DDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
    "{6579C560-A96E-4761-885E-7284F68C02DC}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{6CBA765B-1986-4DCA-8824-E450999A8E7C}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{78191DE4-6124-4589-BF86-48B9F19D254B}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{7D5714F2-8D26-49CC-8727-53B29C1F9E1F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
    "{820A5D6D-AA9B-4875-A12E-EFEAEF060420}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
    "{89670EAC-6FEB-4D7A-A039-0ABB0D046E3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8D9FBDA9-C45A-4DED-ABC1-E73E3F19F4AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
    "{9A9C0E02-583B-4C73-A671-8D985A43482A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
    "{9CC0CA2A-A56E-4F5D-B7BB-39DCC07770A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{A25EFCBE-2C3B-4141-A497-AB707770BACF}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
    "{A2F84CFD-4C1A-4E45-9DB8-459AC670B9C5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{A74BEC00-20B7-4103-BD2C-17D0A51D4A8B}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{AF68B2E1-AC28-49E6-B47C-6D4C634A583E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{C1E8A4DA-40EA-4483-ACD5-EEF1F956DC3F}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
    "{C7AD4B2B-F2DD-4782-A386-2E53536163AD}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{CC1B53AB-9705-43AF-AD3E-3FE39F381FC7}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{CFA6B5EB-6BF1-44C5-9B17-20E8D349EA82}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{CFDDBAFF-E51F-491B-A948-CAF5008DD014}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
    "{D2092EE6-0816-4460-9A99-EF6304C8DB82}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{D5E2D9AD-1BE6-4DDF-8930-D50B28F89CD6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{E935B2D5-EF79-4856-BDB6-B653E939E373}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
    "{EE8BEB7B-2537-4771-B372-0EFE61AADAC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{F683BD2E-8420-4D8B-8FE0-3DF9993525AA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{F6C3F33F-81F1-47B5-BC26-187C05DD297F}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{FE3CDDD2-7035-4596-B5C5-AA67C7320311}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{FFC58E13-9BB2-4DE4-92AA-BC1D739C76E5}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
    "TCP Query User{34E5E811-8D33-4068-9909-12BE95CB0CEB}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
    "TCP Query User{3CBC8FB6-5DD3-412B-BD1D-790874324A4D}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "TCP Query User{677D24CB-25F0-4828-8F29-227669B453C6}C:\windows\lmi6920.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\windows\lmi6920.tmp\lmi_rescue.exe |
    "TCP Query User{8D40CA54-5853-47C4-9790-82666EF78ECD}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
    "TCP Query User{C4B0FB50-58F5-4AB4-AD3F-85FFFEB53716}C:\program files (x86)\gamescampus\asdastory\system\log\error exception request.err" = protocol=6 | dir=in | app=c:\program files (x86)\gamescampus\asdastory\system\log\error exception request.err |
    "TCP Query User{FAFE0787-4DCD-4505-AC50-882CF1E2D8D8}C:\gamescampus\heroes in the sky\his.exe" = protocol=6 | dir=in | app=c:\gamescampus\heroes in the sky\his.exe |
    "UDP Query User{001DE772-E222-42E9-9816-7A4E3D8B2AF9}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
    "UDP Query User{19CFCA8B-A444-436D-9984-177386E68A89}C:\gamescampus\heroes in the sky\his.exe" = protocol=17 | dir=in | app=c:\gamescampus\heroes in the sky\his.exe |
    "UDP Query User{2F13B160-97AB-4EA7-A4D0-2E502B4DC0B7}C:\windows\lmi6920.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\windows\lmi6920.tmp\lmi_rescue.exe |
    "UDP Query User{79FB546A-9063-404A-B90B-0A155DEC4285}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
    "UDP Query User{BDB3944A-CE6A-4E70-9B4A-09FF107C8FD5}C:\program files (x86)\gamescampus\asdastory\system\log\error exception request.err" = protocol=17 | dir=in | app=c:\program files (x86)\gamescampus\asdastory\system\log\error exception request.err |
    "UDP Query User{D4A332C5-E224-4602-B0AC-71309718299B}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C4E9AECF-A522-E656-9909-20269C9BDF73}" = ATI Catalyst Install Manager
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
    "{F41CB1E8-4F70-9F2F-1C8A-3D17156D451C}" = ccc-utility64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "EPSON Printer and Utilities" = EPSON Printer Software
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0017A998-81D6-3C60-37BA-CC0270227FE4}" = CCC Help Norwegian
    "{05308138-2A97-6457-DEFD-A9DAA0A4BB6B}" = Catalyst Control Center Localization Spanish
    "{0AD63F91-AC37-E543-AB30-2E31F101C6FD}" = Skins
    "{1294D937-4D0A-2481-0AE5-713E10803544}" = CCC Help Japanese
    "{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1EFAA3FF-06D7-463A-0116-5AF5A9801BC3}" = Catalyst Control Center Localization Swedish
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{2C11389D-7D84-25A8-6511-EDAC3C894CDF}" = Catalyst Control Center Localization Norwegian
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3474C36B-005C-5D61-3806-319C9F22B014}" = Catalyst Control Center Localization Finnish
    "{34D6D60D-7FD1-42F3-ACD5-680E15F66950}" = S4 League_EU
    "{3510C83C-0103-D6A6-42E2-2393D95E130A}" = Catalyst Control Center Graphics Full New
    "{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{465E6ED3-E9C8-0578-2EAF-14306B537947}" = Catalyst Control Center Core Implementation
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{52CDDA92-56B6-4BA5-BD8D-E13B186008CB}" = D3DX10
    "{5506C4D6-B86C-841A-C8FB-C0A1778DE588}" = Catalyst Control Center Localization Danish
    "{5903BD7F-67A1-3EB7-1E38-D8E916DA18C6}" = CCC Help Dutch
    "{5E7A8F05-013C-44FD-B450-5434CA581098}_is1" = MicroVolts
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{60C1AF18-EA45-7488-5C95-4EC64F93B727}" = ViiKii Desktop Plug-in
    "{64D7A8CF-A1C5-F905-437F-E71DB9C20318}" = CCC Help Spanish
    "{675F649A-1775-7D59-0724-906116A4FA41}" = Catalyst Control Center Localization Italian
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{70080BD1-A2DE-E4B2-AB57-4C1A940BCC72}" = Catalyst Control Center Localization German
    "{739941B6-3C0F-290A-0B76-08C7CEA6F0F3}" = Catalyst Control Center InstallProxy
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83A0E37B-17DF-161A-7D5F-6CEB5B59D8C5}" = CCC Help French
    "{895B75F0-0EDA-6CC3-03FA-18068BC27ED4}" = Catalyst Control Center Localization Dutch
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9CF9ED6F-4AAC-DF47-0B98-D77B44F8FE58}" = CCC Help English
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B2E92CF8-8D2F-4203-B5C4-177174472C9A}" = The Typing of The Dead
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B69991AB-BE6D-C759-B3BC-5D318753592E}" = CCC Help Swedish
    "{C3234E43-10BF-470E-BD2B-2E36EA29D11C}" = League of Legends
    "{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
    "{C3F677EC-AC3C-22AD-FF91-1FF1918CB182}" = Catalyst Control Center Localization Japanese
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C885D139-5092-D20B-EC30-3FCAF3AC3EF2}" = CCC Help Danish
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
    "{E0326792-4269-7E77-2CA0-FAE03F45A388}" = Catalyst Control Center Graphics Previews Vista
    "{E0E21795-C479-927B-AE38-968CDBC932EF}" = ccc-core-static
    "{E40096C5-F047-C5A9-7119-A4DFB0DE0775}" = Catalyst Control Center Localization French
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB0817 Keyboard Driver
    "{ED854376-A148-5760-598B-EF3EFD647222}" = Catalyst Control Center Graphics Full Existing
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2F704C8-0B59-A3B3-D69B-805D06629B08}" = CCC Help Italian
    "{F8C7A3FD-81B8-E9F1-7989-D138A7D59047}" = Catalyst Control Center Graphics Light
    "{FD06CF26-F9DB-C201-B3B0-6155DAB99514}" = CCC Help German
    "{FD3D5956-1F39-9DA1-5780-4749847B965A}" = CCC Help Finnish
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AsdaStory" = AsdaStory
    "AsdaStoy" = AsdaStoy
    "Audacity_is1" = Audacity 1.2.6
    "BitTorrent" = BitTorrent
    "CCleaner" = CCleaner
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Fraps" = Fraps
    "Game Booster_is1" = Game Booster
    "GAMESCAMPUSSOULMASTER" = SoulMaster
    "Gateway Photo Frame" = Gateway Photo Frame 4.2.3.6
    "Gateway Screensaver" = Gateway ScreenSaver
    "GOM Player" = GOM Player
    "Google Desktop" = Google Desktop
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Messenger Plus! Live" = Messenger Plus! Live
    "Money2007b" = Microsoft Money Essentials
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Mozilla Firefox 4.0b7 (x86 en-US)" = Mozilla Firefox 4.0b7 (x86 en-US)
    "Office14.PUBLISHERR" = Microsoft Publisher 2010
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "QPang" = QPang
    "Rainmeter" = Rainmeter (remove only)
    "Secunia PSI" = Secunia PSI
    "TeamViewer 5" = TeamViewer 5
    "ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1" = ViiKii Desktop Plug-in
    "WildTangent gateway Master Uninstall" = Gateway Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "TeamSpeak 3 Client" = TeamSpeak 3 Client

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 27/06/2010 12:52:54 AM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 27/06/2010 12:52:54 AM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 27/06/2010 12:52:54 AM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 27/06/2010 12:52:59 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 27/06/2010 2:29:27 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 27/06/2010 4:03:41 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
    Description = 424: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 27/06/2010 4:03:41 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
    Description = 432: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 27/06/2010 4:03:41 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
    Description = 436: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 27/06/2010 4:03:41 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
    Description = 440: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 27/06/2010 4:03:41 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
    Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    [ System Events ]
    Error - 14/11/2010 1:52:32 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 16/11/2010 12:32:14 AM | Computer Name = Home-PC | Source = DCOM | ID = 10010
    Description =

    Error - 16/11/2010 6:50:42 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\GamesCampus\SoulMaster\GameGuard\dump_wmimmc.sys has been blocked
    from loading due to incompatibility with this system. Please contact your software
    vendor for a compatible version of the driver.

    Error - 16/11/2010 6:50:44 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 16/11/2010 8:43:49 PM | Computer Name = Home-PC | Source = DCOM | ID = 10010
    Description =

    Error - 17/11/2010 7:20:10 PM | Computer Name = Home-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 4:18:33 PM on 17/11/2010 was unexpected.

    Error - 17/11/2010 7:52:21 PM | Computer Name = Home-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 4:33:21 PM on 17/11/2010 was unexpected.

    Error - 18/11/2010 12:46:57 AM | Computer Name = Home-PC | Source = DCOM | ID = 10005
    Description =

    Error - 18/11/2010 12:46:58 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 18/11/2010 12:46:58 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_Plugin.exe File not found
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  19. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Chris
    ->Temp folder emptied: 15275407 bytes
    ->Temporary Internet Files folder emptied: 14779352 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 35059693 bytes
    ->Google Chrome cache emptied: 172355757 bytes
    ->Flash cache emptied: 77985 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Home
    ->Temp folder emptied: 160558 bytes
    ->Temporary Internet Files folder emptied: 1021742 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 79403056 bytes
    ->Flash cache emptied: 57506 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 15718812 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 5799262091 bytes

    Total Files Cleaned = 5,849.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Chris
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Home
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11172010_221819

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
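    The fix log above can be checked mechanically against the script Broni posted: every O-line in the :OTL section should reappear in the result log as "deleted successfully", a "not found" line for a CLSID key is expected when OTL itself already reported "No CLSID value found", and the per-folder byte counters under [EMPTYTEMP] can be totalled. The Python below is an added example written for this page; it is not part of the thread or of OTL, and the FIX_SCRIPT and FIX_LOG strings are constructed, abbreviated copies of the lines posted above.

```python
"""Reconcile an OTL fix script against the log OTL writes after running it.

Added example, not part of the thread or of OTL: checks that each item the
helper asked OTL to remove shows up in the result log as deleted, flags
"not found" results, and totals the bytes reported by [emptytemp].
"""
import re

# Constructed sample: the :OTL lines of the fix script from the thread and the
# relevant lines of the resulting log, abbreviated to keep the example short.
FIX_SCRIPT = r""":OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_Plugin.exe File not found
:Commands
[emptytemp]
[emptyflash]
[Reboot]
"""

FIX_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Chris
->Temp folder emptied: 15275407 bytes
->Google Chrome cache emptied: 172355757 bytes
Windows Temp folder emptied: 15718812 bytes
RecycleBin emptied: 5799262091 bytes
"""

# A fix-script O-line names its target either by CLSID ({...}) or, for O4
# autostart entries, by the value name in square brackets.
O_LINE = re.compile(r"^O\d+ - ")
TARGET = re.compile(r"(\{[0-9A-Fa-f-]{36}\})|\[([^\]]+)\]")

# Result lines OTL writes for registry work; the path may contain spaces.
REG_RESULT = re.compile(
    r"^Registry (?P<kind>key|value) (?P<path>.+?) (?P<result>deleted successfully|not found)\.$"
)
BYTES = re.compile(r"emptied: (\d+) bytes$")


def parse_fix_script(text):
    """Return the identifier (CLSID or autostart value name) of each O-line."""
    targets = []
    for line in text.splitlines():
        if not O_LINE.match(line):
            continue  # section headers and :Commands entries carry no target
        m = TARGET.search(line)
        if m:
            targets.append(m.group(1) or m.group(2))
    return targets


def parse_fix_log(text):
    """Return (registry_results, bytes_emptied) parsed from an OTL fix log."""
    results, total = [], 0
    for line in text.splitlines():
        m = REG_RESULT.match(line)
        if m:
            results.append(m.groupdict())
            continue
        b = BYTES.search(line)
        if b:
            total += int(b.group(1))
    return results, total


def reconcile(script_text, log_text):
    """Map each requested target to 'removed', 'not present' or 'no log entry'."""
    results, _ = parse_fix_log(log_text)
    status = {}
    for target in parse_fix_script(script_text):
        hits = [r for r in results if target.lower() in r["path"].lower()]
        if any(r["result"] == "deleted successfully" for r in hits):
            status[target] = "removed"
        elif hits:
            status[target] = "not present"   # every matching line said "not found"
        else:
            status[target] = "no log entry"  # OTL never acted on it: re-check
    return status


if __name__ == "__main__":
    for target, outcome in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{target:40} {outcome}")
    _, freed = parse_fix_log(FIX_LOG)
    print(f"bytes emptied: {freed} ({freed / 2**20:.2f} MiB)")
```

    A target that ends up as "no log entry" means OTL never reported acting on it, which is the case worth re-running a scan for; a "not present" target whose only hits are "not found" lines simply confirms the entry was already gone, as with the CLSID key here.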
  20. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    Results of screen317's Security Check version 0.99.5
    Windows Vista (UAC is enabled)
    Out of date service pack!!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.4.1
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Trend Micro Internet Security SfCtlCom.exe
    Trend Micro Internet Security TmProxy.exe
    Trend Micro Internet Security TmPfw.exe
    Trend Micro BM TMBMSRV.exe
    Trend Micro Internet Security UfSeAgnt.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````


    Won't let me download TFC, another link please?

    And should I just continue on with ESET?
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Hold on, please...
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  23. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    OK :)..................
     
  25. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    ESET won't run; every time I try running it in IE, it freezes and then restarts IE. Any other ways?
     
Topic Status:
Not open for further replies.
